CORS GET 在 Firefox 中返回一个空的响应正文 [英] CORS GET returns an empty response body in Firefox
问题描述
从 RESTful Backbone 应用程序,我正在执行从 mydomain.com
到 myExtdomain.com
的 CORS 请求.
From a RESTful Backbone application, I'm doing CORS requests from mydomain.com
to myExtdomain.com
.
我确实在我的 myExtdomain.com
服务器上设置了 CORS,我正在响应 OPTIONS
动词(任何 URL):
I did set up CORS on my myExtdomain.com
server, I'm responding to OPTIONS
verb (any URL) with:
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Content-Type
Status Code: HTTP/1.1 204 No Content
对我在 myExtdomain.com
上的 API 调用使用:
And to my API calls on myExtdomain.com
with:
Access-Control-Allow-Origin: *
Content-Type: application/json
Status Code: HTTP/1.1 200 OK
我什至拼命地尝试用一切来响应所有我在 myExtdomain.com
上的 HTTP 请求:
I even desperately tried to respond to all my HTTP requests on myExtdomain.com
with everything:
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Content-Type
Content-Type: application/json
Status Code: HTTP/1.1 200 OK
问题
- 在 Chrome 中一切正常
- 在 Firefox 中,我的
PUT
请求有效,但我的GET
请求有点失败"... - Everything works fine in Chrome
- In Firefox, my
PUT
requests work, but myGET
requests "kinda fail"... - 返回的 HTTP 状态码为
200 OK
- 但响应为空(无响应正文/大小 0 KB).它应该是一些
JSON
. - 但是,由于某种原因,每 100 次,一个
GET
请求有效 - The returned HTTP status code is
200 OK
- But the response is empty (No Response Body/Size 0 KB).. It supposed to be some
JSON
. - But, for some reason, every once in 100 times, one
GET
request works
The problem
响应OPTIONS
动词:
REQUEST HEADERS
-----------------
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:25.0) Gecko/20100101 Firefox/25.0
Origin: http://mydomain.com
Host: www.myExtdomain.com
Connection: keep-alive
Access-Control-Request-Method: PUT
Access-Control-Request-Headers: content-type
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
RESPONSE HEADERS
-----------------
X-Powered-By: ASP.NET
Server: Microsoft-IIS/7.0
Date: Fri, 15 Nov 2013 07:01:57 GMT
Content-Type: text/html
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Content-Type
一个 PUT
请求:
REQUEST HEADERS
----------------
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:25.0) Gecko/20100101 Firefox/25.0
Referer: http://mydomain.com/account
Origin: http://mydomain.com
Host: www.myExtdomain.com
Content-Type: application/json; charset=UTF-8
Content-Length: 36
Connection: keep-alive
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Accept: application/json, text/javascript, */*; q=0.01
RESPONSE HEADERS
----------------
X-Powered-By: ASP.NET
Server: Microsoft-IIS/7.0
Date: Fri, 15 Nov 2013 07:01:57 GMT
Content-Type: application/json
Content-Length: 0
Access-Control-Allow-Origin: *
BODY RESPONSE
--------------
_Some_Json_Here_
魔法 GET
请求:
REQUEST HEADERS
----------------
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:25.0) Gecko/20100101 Firefox/25.0
Referer: http://mydomain.com/somepage
Origin: http://mydomain.com
Host: www.myExtdomain.com
Connection: keep-alive
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Accept: application/json, text/javascript, */*; q=0.01
RESPONSE HEADERS
----------------
Server: Microsoft-IIS/7.0
Last-Modified: Fri, 15 Nov 2013 06:58:18 GMT
Date: Fri, 15 Nov 2013 07:01:57 GMT
Content-Type: application/json
Content-Length: 4041
Connection: keep-alive
RESPONSE BODY
--------------
Empty (0KB), it's supposed to be some JSON, that *SOMETIMES* (1/100) I get.. Magic.
结束思考
- 如您所见,神奇的
GET
请求的响应标头甚至不包括我在myExtdomain.com
上设置的 CORS 标头 - 另一方面,
PUT
请求确实包含它们.. - 同样,在 Chrome 中一切正常,所有响应标头都存在,我按预期获得
JSON
,等等. - 我花了很长时间学习 CORS(显然还不够),试图分解需要/不需要的东西,而不是复制/粘贴随机代码
JSONP
用于GET
请求对于我来说不是替代- 我的所有请求(任何动词)都来自非安全页面(不是来自
https://
) - 我很绝望..
- As you can see the Response Headers of the magic
GET
request do not even include the CORS Headers I do set onmyExtdomain.com
- The
PUT
request on the other hand does include them.. - Again, everything works just fine in Chrome, all the Response Headers are present, I get my
JSON
as expected, etc.. - I spent a rather long time studying CORS (was not enough apparently), trying to break down what's needed/not needed and not copy/pasting random code
JSONP
forGET
requests is not an alternative for me- All my requests (any verb) are made from non-secure pages (not from
https://
) - I'm desperate..
Closing thoughts
推荐答案
将 Cache-Control: no-cache
标头添加到我所有的 API 调用响应(在 myExtdomain.com 上
代码>) 解决了我的问题:
Adding the Cache-Control: no-cache
header to all my API calls Responses (on myExtdomain.com
) solved my problem:
Access-Control-Allow-Origin: *
Content-Type: application/json
Cache-Control: no-cache
出于某种原因,Firefox 缓存了我的 API 调用,当缓存时,FF 无法再次解析 JSON.. 以空响应正文或任何错误结束..
For some reason, Firefox was caching my API calls, and when cached, FF was not able to parse the JSON again.. Ending up in an empty response body or whatever error that was..
现在我记得这不是我第一次在 Firefox 中强制 no-cache
..
Now I remember this is not the first time I have to force no-cache
with Firefox..
同样,Chrome 一切正常,Chrome 不需要 Cache-Control: no-cache
标头.
Again, everything was working fine with Chrome, Chrome does not need the Cache-Control: no-cache
header.
如果有人知道 FF 和 Chrome 之间的这种区别(默认设置??),我很想不再了解它.
If someone know about this difference between FF and Chrome (default settings??), I'd be curious to no more about it.
希望这会为某人节省一些时间.
Hope this will save some time to somebody.
这篇关于CORS GET 在 Firefox 中返回一个空的响应正文的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!