为什么 CORS 请求在 Microsoft Edge 中失败但在其他浏览器中有效? [英] Why are CORS requests failing in Microsoft Edge but working in other browsers?
问题描述
我正在使用 jQuery 发送跨源 ajax 请求,它们在 IE11、Chrome 和 Firefox 中运行良好,但在 Edge 中失败并出现以下错误:
I'm using jQuery to send cross origin ajax requests and they're working fine in IE11, Chrome and Firefox but they fail in Edge with the following error:
SCRIPT7002:XMLHttpRequest:网络错误 0x80070005,访问权限为拒绝.
SCRIPT7002: XMLHttpRequest: Network Error 0x80070005, Access is denied.
有趣的是,我使用 Fiddler 试图弄清楚发生了什么,以及 Fiddler 何时运行并捕获请求,一切正常.一旦我关闭 Fiddler 或暂停捕获,它就会再次失败.
What's interesting is that I used Fiddler to try to figure out what was going on and when Fiddler is running and capturing requests everything works fine. As soon as I close Fiddler or pause capture it fails again.
该站点在我的本地计算机 (webpack-dev-server) 上运行,通过本地网络向 WebAPI 服务发出请求.
The site is running on my local machine (webpack-dev-server) making requests across the local network to a WebAPI service.
我的 hosts 文件是这样设置的:
My hosts file is set up like this:
127.0.0.1 local.myapp.test
192.168.0.111 api.myapp.test
这在生产中应该不是问题,因为站点和 API 将托管在同一个地方,但它对于开发和测试非常宝贵.
It shouldn't be a problem in production as the site and API will be hosted in the same place but it's invaluable for development and testing.
更新:
感谢 Telerik 论坛上的 Eric Law 我现在知道为什么在启用 Fiddler 时它的行为会有所不同 - 由于 Fiddler 所做的代理设置更改并且 Intranet 区域的安全级别较低,Edge 正在切换到本地 Intranet 区域.
Thanks to Eric Law on the Telerik forums I now know why it was behaving differently with Fiddler enabled - Edge was switching to Local Intranet zone because of the proxy settings change Fiddler makes and the intranet zone has a lower security level.
有几种可能性;如果没有您的配置的确切细节,我们只是在黑暗中拍摄.
There are a few possibilities; without exact details of your configuration, we're just shooting in the dark.
一种可能是您的计算机配置了 Intranet 区域,并且 Intranet 区域依赖于代理配置脚本:http://blogs.msdn.com/b/ieinternals/archive/2012/06/05/the-local-intranet-security-zone.aspx.当 Fiddler 运行时,代理设置指向 Fiddler 本身.
One possibility is that your computer is configured with an Intranet zone and that Intranet zone is dependent on a proxy configuration script: http://blogs.msdn.com/b/ieinternals/archive/2012/06/05/the-local-intranet-security-zone.aspx. When Fiddler is running, the proxy settings are pointed at Fiddler itself.
我将把本地 Intranet 区域的安全级别提高到中高以匹配 Internet 区域,然后使用 Fiddler 尝试找出 Edge 对 CORS 请求感到不安的原因.
I'm going to bump the Local intranet zone security level up to Medium-High to match the Internet zone and then use Fiddler to try to work out why Edge is upset about the CORS request.
推荐答案
下面我将逐字逐句附上 Eric Lawrence(Fiddler 的创建者)在 Fiddler 论坛上提供的答案:
I'll include below, verbatim, the answers that Eric Lawrence (creator of Fiddler) kindly provided on the Fiddler forum:
一种可能是您的计算机配置了 Intranet 区域,并且 Intranet 区域依赖于代理配置脚本:http://blogs.msdn.com/b/ieinternals/archive/2012/06/05/the-local-intranet-security-zone.aspx.当 Fiddler 运行时,代理设置指向 Fiddler 本身.
One possibility is that your computer is configured with an Intranet zone and that Intranet zone is dependent on a proxy configuration script: http://blogs.msdn.com/b/ieinternals/archive/2012/06/05/the-local-intranet-security-zone.aspx. When Fiddler is running, the proxy settings are pointed at Fiddler itself.
...如果您使用 Intranet 站点作为来自 Internet 区域站点的 XHR 的目标,那么这里还有另一个因素在起作用.
... there's another factor at work here if you're using an Intranet site as the target of an XHR from a site in the Internet zone.
Edge 在增强保护模式 (AppContainer) 下运行.它具有阻止从 Internet 区域进程访问专用网络资源的功能.请参阅专用网络资源";http://blogs.msdn.com/b/ieinternals/archive/2012/03/23/understanding-ie10-enhanced-protected-mode-network-security-addons-cookies-Metro-desktop.aspx 了解更多详情.
Edge runs in Enhanced Protected Mode (AppContainer). That has a feature which blocks access to Private Network Resources from Internet-Zone processes. See the "Private Network resources" section of http://blogs.msdn.com/b/ieinternals/archive/2012/03/23/understanding-ie10-enhanced-protected-mode-network-security-addons-cookies-metro-desktop.aspx for more details.
我将 local.myapp.test(我从中运行 SPA 的 URL)添加到 Internet 选项中的本地 Intranet 区域,现在 Edge 很高兴不需要 Fiddler.
I added local.myapp.test (the URL I'm running my SPA from) to the Local Intranet zone in Internet Options and now Edge is happy without the need for Fiddler.
这篇关于为什么 CORS 请求在 Microsoft Edge 中失败但在其他浏览器中有效?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
