Internet Explorer的10无视XMLHtt prequest'xhr.withCredentials =真正的' [英] Internet Explorer 10 is ignoring XMLHttpRequest 'xhr.withCredentials = true'
问题描述
我目前有一个问题,跨域Ajax调用使用IE10(在IE10模式,不兼容)。
I’m currently having an issue with a cross-domain ajax call using IE10 (in IE10 mode, not compatibility).
情况:
我有两个域,的http://一个和的http:// B 。我对 HTTP cookie中集:// B 。我目前网页的http://一个
Situation:
I have two domains, http://a and http://b. I have a cookie set for http://b. I am currently on page http://a.
我希望做一个CORS请求的http:// B 使用XMLHtt prequest(这应该工作,根据<一href="http://blogs.msdn.com/b/ie/archive/2012/02/09/cors-for-xhr-in-ie10.aspx">http://blogs.msdn.com/b/ie/archive/2012/02/09/cors-for-xhr-in-ie10.aspx),与包括在请求中的cookie。
该JS如下:
I want to do a CORS request to http://b using XMLHttpRequest (which should work, according to http://blogs.msdn.com/b/ie/archive/2012/02/09/cors-for-xhr-in-ie10.aspx), and include the cookie in the request.
The JS is as follows:
var xhr = new XMLHttpRequest();
xhr.open('GET', 'http://b', true);
xhr.withCredentials = true;
xhr.send();
此应该确保该cookie附加到请求;然而,菲德勒跟踪显示没有cookie被连接,我也得到 401:访问被拒绝
This should ensure that the cookie is attached to the request; however, the Fiddler trace shows that no cookie is attached, and I get 401: Access Denied.
该服务器配置了CORS的工作,它包含Access-Control头:
The server is configured to work with CORS, it includes the Access-Control headers:
Access-Control-Allow-Origin: http://a
Access-Control-Allow-Credentials: true
(这应该没有什么差别,因为没有股权preflight请求,而第一个请求IE将是一个GET,和小甜饼并不是present,从而导致401)。
(this should not make any difference, since there is no OPTIONS preflight request, and the first request IE sends is a GET, and the cookie is not present, thus causing a 401).
此外,JS代码段工作正常在Firefox和Opera。
Furthermore, the JS snippet works fine in both Firefox and Opera.
推荐答案
这也许是老的IE P3P问题。与IE浏览器的默认设置,如果一个Cookie设置没有P3P头也present的响应,该cookie将被标记为第一方只。这意味着,在一个第三方的背景下,如一个iframe或CORS请求时,IE将拒绝发送Cookie。
It's probably the same old IE P3P issue. With IE's default settings, if a cookie is set without a P3P header also present in the response, the cookie is marked as "first-party only". Which means that in a third-party context, such as an iframe or a CORS request, IE will refuse to send the cookie.
要解决这个问题,你需要设置饼干时提供P3P头。请参见 http://msdn.microsoft.com/ EN-US /库/ ms537343%28V = vs.85%29.aspx 了解详细信息。
To fix it, you need to supply a P3P header when setting the cookies. See http://msdn.microsoft.com/en-us/library/ms537343%28v=vs.85%29.aspx for details.
更新:链接现在是死了,但你可以看到它<一个href="https://web.archive.org/web/20130308142134/http://msdn.microsoft.com/en-us/library/ms537343%28v=vs.85%29.aspx"相对=nofollow>互联网档案
Update: Link is now dead, but you can see it at the Internet Archive
这篇关于Internet Explorer的10无视XMLHtt prequest'xhr.withCredentials =真正的'的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
