CORS GET 在 Firefox 中返回一个空的响应正文 [英] CORS GET returns an empty response body in Firefox

问题描述

从 RESTful Backbone 应用程序，我正在执行从 mydomain.com 到 myExtdomain.com 的 CORS 请求.

From a RESTful Backbone application, I'm doing CORS requests from mydomain.com to myExtdomain.com.

我确实在我的 myExtdomain.com 服务器上设置了 CORS，我正在响应 OPTIONS 动词(任何 URL):

I did set up CORS on my myExtdomain.com server, I'm responding to OPTIONS verb (any URL) with:

Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Content-Type

Status Code: HTTP/1.1 204 No Content

对我在 myExtdomain.com 上的 API 调用使用:

And to my API calls on myExtdomain.com with:

Access-Control-Allow-Origin: *
Content-Type: application/json

Status Code: HTTP/1.1 200 OK

我什至拼命地尝试用一切来响应所有我在 myExtdomain.com 上的 HTTP 请求:

I even desperately tried to respond to all my HTTP requests on myExtdomain.com with everything:

Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Content-Type
Content-Type: application/json

Status Code: HTTP/1.1 200 OK

问题

• 在 Chrome 中一切正常
• 在 Firefox 中，我的 PUT 请求有效，但我的 GET 请求有点失败"...

The problem

• Everything works fine in Chrome
• In Firefox, my PUT requests work, but my GET requests "kinda fail"...
• 返回的 HTTP 状态码为 200 OK
• 但响应为空(无响应正文/大小 0 KB).它应该是一些 JSON.
• 但是，由于某种原因，每 100 次，一个 GET 请求有效
• The returned HTTP status code is 200 OK
• But the response is empty (No Response Body/Size 0 KB).. It supposed to be some JSON.
• But, for some reason, every once in 100 times, one GET request works

响应OPTIONS动词:

REQUEST HEADERS
-----------------
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:25.0) Gecko/20100101 Firefox/25.0
Origin: http://mydomain.com
Host:   www.myExtdomain.com
Connection: keep-alive
Access-Control-Request-Method:  PUT
Access-Control-Request-Headers: content-type
Accept-Language:    en-US,en;q=0.5
Accept-Encoding:    gzip, deflate
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

RESPONSE HEADERS
-----------------
X-Powered-By:   ASP.NET
Server: Microsoft-IIS/7.0
Date:   Fri, 15 Nov 2013 07:01:57 GMT
Content-Type:   text/html
Access-Control-Allow-Origin:    *
Access-Control-Allow-Methods:   POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers:   Content-Type

一个 PUT 请求:

REQUEST HEADERS
----------------
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:25.0) Gecko/20100101 Firefox/25.0
Referer:    http://mydomain.com/account
Origin: http://mydomain.com
Host:   www.myExtdomain.com
Content-Type:   application/json; charset=UTF-8
Content-Length: 36
Connection: keep-alive
Accept-Language:    en-US,en;q=0.5
Accept-Encoding:    gzip, deflate
Accept: application/json, text/javascript, */*; q=0.01

RESPONSE HEADERS
----------------
X-Powered-By:   ASP.NET
Server: Microsoft-IIS/7.0
Date:   Fri, 15 Nov 2013 07:01:57 GMT
Content-Type:   application/json
Content-Length: 0
Access-Control-Allow-Origin:    *

BODY RESPONSE
--------------
_Some_Json_Here_

魔法 GET 请求:

REQUEST HEADERS
----------------
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:25.0) Gecko/20100101 Firefox/25.0
Referer:    http://mydomain.com/somepage
Origin: http://mydomain.com
Host:   www.myExtdomain.com
Connection: keep-alive
Accept-Language:    en-US,en;q=0.5
Accept-Encoding:    gzip, deflate
Accept: application/json, text/javascript, */*; q=0.01

RESPONSE HEADERS
----------------
Server: Microsoft-IIS/7.0
Last-Modified:  Fri, 15 Nov 2013 06:58:18 GMT
Date:   Fri, 15 Nov 2013 07:01:57 GMT
Content-Type:   application/json
Content-Length: 4041
Connection: keep-alive

RESPONSE BODY
--------------
Empty (0KB), it's supposed to be some JSON, that *SOMETIMES* (1/100) I get.. Magic.

结束思考

• 如您所见，神奇的 GET 请求的响应标头甚至不包括我在 myExtdomain.com
上设置的 CORS 标头
• 另一方面，PUT 请求确实包含它们..
• 同样，在 Chrome 中一切正常，所有响应标头都存在，我按预期获得 JSON，等等.
• 我花了很长时间学习 CORS(显然还不够)，试图分解需要/不需要的东西，而不是复制/粘贴随机代码
• JSONP 用于 GET 请求对于我来说不是替代
• 我的所有请求(任何动词)都来自非安全页面(不是来自https://)
• 我很绝望..

Closing thoughts

• As you can see the Response Headers of the magic GET request do not even include the CORS Headers I do set on myExtdomain.com
• The PUT request on the other hand does include them..
• Again, everything works just fine in Chrome, all the Response Headers are present, I get my JSON as expected, etc..
• I spent a rather long time studying CORS (was not enough apparently), trying to break down what's needed/not needed and not copy/pasting random code
• JSONP for GET requests is not an alternative for me
• All my requests (any verb) are made from non-secure pages (not from https://)
• I'm desperate..

推荐答案

将 Cache-Control: no-cache 标头添加到我所有的 API 调用响应(在 myExtdomain.com 上代码>) 解决了我的问题:

Adding the Cache-Control: no-cache header to all my API calls Responses (on myExtdomain.com) solved my problem:

Access-Control-Allow-Origin: *
Content-Type: application/json
Cache-Control: no-cache

出于某种原因，Firefox 缓存了我的 API 调用，当缓存时，FF 无法再次解析 JSON.. 以空响应正文或任何错误结束..

For some reason, Firefox was caching my API calls, and when cached, FF was not able to parse the JSON again.. Ending up in an empty response body or whatever error that was..

现在我记得这不是我第一次在 Firefox 中强制 no-cache ..

Now I remember this is not the first time I have to force no-cache with Firefox..

同样，Chrome 一切正常，Chrome 不需要 Cache-Control: no-cache 标头.

Again, everything was working fine with Chrome, Chrome does not need the Cache-Control: no-cache header.

如果有人知道 FF 和 Chrome 之间的这种区别(默认设置??)，我很想不再了解它.

If someone know about this difference between FF and Chrome (default settings??), I'd be curious to no more about it.

希望这会为某人节省一些时间.

Hope this will save some time to somebody.

这篇关于CORS GET 在 Firefox 中返回一个空的响应正文的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！