重定向到 https://login.microsoftonline.com/的请求“不存在 'Access-Control-Allow-Origin' 标头" [英] “No 'Access-Control-Allow-Origin' header is present” for redirected request to https://login.microsoftonline.com/

问题描述

我正在尝试使用访问代码获取响应并获取:

I'm trying to get response with an access code and getting:

XMLHttpRequest 无法加载h...://login.microsoftonline.com/d331431b-899c-4666-8094-e82e6bfc3964/oaut...auth%2faad&scope=user_impersonation&state=033f4ad89a574135884fd3a03c1743ab".请求的资源上不存在Access-Control-Allow-Origin"标头.Origin 'http://localhost:23589' 因此不允许访问.

XMLHttpRequest cannot load "h...://login.microsoftonline.com/d331431b-899c-4666-8094-e82e6bfc3964/oaut…auth%2faad&scope=user_impersonation&state=033f4ad89a574135884fd3a03c1743ab". No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:23589' is therefore not allowed access.

使用了来自 ServiceStack、CORS 和 OPTIONS(无 Access-Control-Allow-Origin 标头) 讨论的所有建议:

Used all suggestions from the ServiceStack, CORS, and OPTIONS (No Access-Control-Allow-Origin header) discussion:

添加:

Plugins.Add(new CorsFeature(new[] { "http://localhost/", "http://localhost:23589" },
            allowCredentials: true,
            allowedHeaders: "Content-Type, Allow, Authorization"));

甚至:

PreRequestFilters.Add((httpReq, httpRes) =>
{
     //if (httpReq.Verb == "OPTIONS")
     //{
     //    var origin = httpReq.Headers.Get("Origin");
     string origin = httpReq.Headers.Get("Origin");
     httpRes.AddHeader(HttpHeaders.AllowOrigin,  "*");
     httpRes.EndRequest();
     // }
});

仍然没有运气.我们使用的是 ServiceStack 版本 4.0.56

Still no luck. We are using ServiceStack version 4.0.56

请求网址:

> https://login.microsoftonline.com/d331431b-899c-4666-8094-e82e6bfc3964/oauth2/authorize?response_type=code&resource=https%3a%2f%2fanalysis.windows.net%2fpowerbi%2fapi&client_id=0d3be5ed-3361-43f5-9d25-a5ccefb11f7e&redirect_uri=http%3a%2f%2flocalhost%3a23589%2fapi%2fauth%2faad&scope=user_impersonation&state=d6ef09f8064643ed914d4995562642be

Request Method:GET
Status Code:200 OK
Remote Address:157.55.208.218:443

响应标头:

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
x-ms-request-id: d2531fb2-2e97-4940-a15d-f3c6f1cd5e7b
client-request-id: 376b2cb0-e1d2-4749-a8b5-adfee1b3ceba
X-Frame-Options: DENY
x-ms-gateway-service-instanceid: ESTSFE_IN_344
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Set-Cookie: buid=AAABAAEAiL9Kn2Z27UubvWFPbm0gLfvzURnxA_SU_2fqg40MIAq5oFqJPcrl7iSuhLgh52CsEbHynIx5Krpov-SlQ7tVxK9O3EWPdKHzur0dQHXgfE4FLI6Vmv3-HwokZIpKbXA2IAA; expires=Fri, 02-Dec-2016 17:25:56 GMT; path=/; secure; HttpOnly
Set-Cookie: esctx=AAABAAAAiL9Kn2Z27UubvWFPbm0gLdbqNasFxQzD3cBv92w234pND-QPmCQNU9pfwexBLi9fullMTJbXyFHlgwaIpWQHx6OpBt9rHaIVDwlxaAh7MqFmsrHiMcoXcWy55B0veMpU10kthlQdtj37nLx1_p3ocBF3tMJ822MGbR2D-Epr8iTW2AmiL46Q2oxA9gHfuwYBIAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly
Set-Cookie: x-ms-gateway-slice=productiona; path=/; secure; HttpOnly
Set-Cookie: stsservicecookie=ests; path=/; secure; HttpOnly
X-Powered-By: ASP.NET
Date: Sun, 05 Jun 2016 17:25:55 GMT
Content-Length: 9602

请求标头:

Accept:application/json, text/plain, */*
Accept-Encoding:gzip, deflate, sdch, br
Accept-Language:en-US,en;q=0.8,ru;q=0.6
Cache-Control:max-age=0
Connection:keep-alive
Host:login.microsoftonline.com
Origin:http://localhost:23589
Referer:http://localhost:23589/
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36

我也尝试在 AppHost Configure 方法中添加此代码:

I also tried adding this code in AppHost Confugure method:

 base.SetConfig(new HostConfig
            {
                GlobalResponseHeaders = {
                    { "Access-Control-Allow-Origin", "*" },
                    { "Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS" },
                    { "Access-Control-Allow-Headers", "Content-Type" },
                },
            });

来自提琴手:

请求头:

GET /d331431b-899c-4666-8094-e82e6bfc3964/oauth2/authorize?response_type=code&resource=https%3a%2f%2fanalysis.windows.net%2fpowerbi%2fapi&client_id=0d3be5ed-3361-43f5-9d25-a5ccefb11f7e&redirect_uri=http%3a%2f%2flocalhost%3a23589%2fapi%2fauth%2faad&scope=user_impersonation&state=3c41d4ea46a8408fb19fdf05ea07643a HTTP/1.1
Host: login.microsoftonline.com
Connection: keep-alive
Cache-Control: max-age=0
Accept: application/json, text/plain, */*
Origin: http://localhost:23589
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36
Referer: http://localhost:23589/
Accept-Encoding: gzip, deflate, sdch, br
Accept-Language: en-US,en;q=0.8,ru;q=0.6

响应标头:

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
x-ms-request-id: 70fcd73f-f880-4744-b896-6edc491b1d22
client-request-id: a52446b6-a7f0-4afb-ba23-8d27207ddb27
X-Frame-Options: DENY
x-ms-gateway-service-instanceid: ESTSFE_IN_19
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Set-Cookie: buid=AAABAAEAiL9Kn2Z27UubvWFPbm0gLWnOYMRRqrZRDzgogkab1uuAetOi-f1iLnpE1G5EU3xMkzYdvTgIs2Fz79S07PNcfnEry6eWS8RX_4k8awcIgY063VQ7VvWP6SRRvXfCgpJeIAA; expires=Fri, 02-Dec-2016 22:20:48 GMT; path=/; secure; HttpOnly
Set-Cookie: esctx=AAABAAAAiL9Kn2Z27UubvWFPbm0gLZemnOQ8vijuCpi6h8NzV-CjOfr0MZwZhb4Nfczf20C1TSXORoJbIHCbVBV_MmeuXTR1mbzh9GzFIBmi__ff0M-gGh02fol-sHPyKJnU7Zfi2cEYWensHvmiEJO9Tw5KbO8tWdZxl-XDi7V5IZNNsJWp4LxTVVGkOeyOYieMfJ6mIAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly
Set-Cookie: x-ms-gateway-slice=productiona; path=/; secure; HttpOnly
Set-Cookie: stsservicecookie=ests; path=/; secure; HttpOnly
X-Powered-By: ASP.NET
Date: Sun, 05 Jun 2016 22:20:49 GMT
Content-Length: 36210

推荐答案

问题是因为你试图通过 Ajax 调用 /api/auth/aad OAuth 路由而不是链接到它直接在您的页面中.

The issue is because you're trying to call the /api/auth/aad OAuth route via Ajax instead of linking to it directly in your page.

您无法通过 Ajax 调用 AAD OAuth 路由，因为它重定向到的 url 用于捕获客户端授权 (https://login.microsoftonline.com/..)t 允许您看到的错误中指示的 CORS.

You can't call the AAD OAuth route via Ajax since the url it redirects to that's used to capture the clients authorization (https://login.microsoftonline.com/..) doesn't allow CORS as indicated in the error that you're seeing.

这不是 ServiceStack CORS 问题，因为它托管在与HTML 页面.使用 Ajax 访问外部资源时需要 CORS(跨源资源共享)域(即 https://login.microsoftonline.com/..)因为它不允许 CORS，所以不会让您通过 Ajax 访问该 url.

This isn't a ServiceStack CORS issue which you don't need in order to talk to your local API's (i.e. http://localhost:23589) since its hosted in the same domain as the HTML page. CORS (Cross-origin resource sharing) is needed when using Ajax to access a resource outside of the domain (i.e. https://login.microsoftonline.com/..) which since it doesn't allow CORS will not let you access that url via Ajax.

这篇关于重定向到 https://login.microsoftonline.com/的请求“不存在 'Access-Control-Allow-Origin' 标头"的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！