CORS withCredentials XHR预检不会在Firefox中发布Cookie [英] CORS withCredentials XHR preflight not posting Cookies in Firefox
问题描述
我想做一个CORS XHR post w /凭证。它的工作原理伟大在Chrome,但不是在Firefox。 Cookie不存在于预先请求标头中,因此我看到了一个302.这在Chrome中完美工作,因为Cookie位于预先请求标头中,随后的POST通过。
I'm trying to do a CORS XHR post w/ credentials. It works great in Chrome, but not in Firefox. The cookies are not present in the pre-flight request headers, and so I'm seeing a 302. This works perfectly in Chrome, as cookies are in the pre-flight request headers and the subsequent POST goes through.
为什么在FF中不起作用?我缺少什么?
Why wouldn't this work in FF? What am I missing?
// assume url, boundEventHandler and uploadData are defined, as this definitely works in Chrome
var xhr = new XMLHttpRequest();
xhr.open("POST", url, true);
xhr.addEventListener ("readystatechange", boundEventHandler, false);
xhr.withCredentials = true; // FWIW, I've also tried the string 'true'
xhr.send(uploadData);
任何想法?我看到一些帖子说,我可以在服务器端代理请求,但我希望得到这个工作符合/ CORS规范。
Any ideas? I see some posts that say I can proxy the request on the server side, but I'd prefer to get this working in accordance w/ the CORS spec.
谢谢!
推荐答案
按照规范http://dvcs.w3.org/hg/cors/raw-file/tip/Overview.html#preflight-request 预检请求不包括Cookie。具体来说,规范说:
Per spec at http://dvcs.w3.org/hg/cors/raw-file/tip/Overview.html#preflight-request the preflight request never includes cookies. Specifically, the spec says:
- 排除用户凭据。
,并链接到 http://dvcs.w3 .org / hg / cors / raw-file / tip / Overview.html#user-credentials 说明:
The term user credentials for the purposes of this specification means
cookies, HTTP authentication, and client-side SSL certificates.
也就是说,上面引用的代码段不应该包含预检:上传事件监听器,该方法是一样简单的方法,并且没有设置作者头。所以如果你真的看到预检请求,第一个问题是为什么会发生。您在Firefox中有任何扩展程序可能会调试您的XMLHttpRequest对象吗?
That said, the code snippet you quote above shouldn't involve a preflight at all: there are no upload event listeners, the method is as simple method, and there are no author headers set. So if you're really seeing a preflight request, the first question is why that's happening. Do you have any extensions in Firefox that might be munging your XMLHttpRequest object?
这篇关于CORS withCredentials XHR预检不会在Firefox中发布Cookie的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
