CORS:Firefox不会在成功的OPTIONS请求后发送POST请求...适用于Chrome和IE [英] CORS: Firefox does not send POST Request after successful OPTIONS request ... works in Chrome and IE
问题描述
这适用于Chrome和IE,但不适用于Firefox(26)。
OPTIONS请求返回状态200,但Firefox不发送后续POST
请求标头选项..
访问 - 控制请求标头:内容类型
访问控制请求方法:POST
响应标头 br>
安全性
访问控制 - 允许凭证:true
访问控制允许标头:X-File-Upload内容类型
访问控制 - 允许方法:POST选项
访问控制允许原因:*
IE和Chrome发送后续POST方法,一切正常,但Firefox不发送POST请求。我知道这是因为(a)我检查了Firefox调试器的净流量,(b)服务器没有得到POST请求。
不确定这是相关的,但这里有一些额外的信息:
X-File-Upload是我使用的商业jQuery文件上传包所需的自定义标头
I我使用jQuery ajax发出POST请求
这是一个Firefox错误还是我做错了什么?我如何调试这个?
任何帮助或见解非常感谢。提前感谢。
允许的标头/方法/ ...的列表必须以逗号分隔,而不是以空格:
访问控制允许标头:X-File-上传,内容类型
Access-允许方法:POST,OPTIONS
虽然对于当前的用例可能没有问题,在以下两个标题中:
访问控制允许证书:true
访问控制允许原:*
请删除 Access-Control-Allow-Credentials:true
,或设置非通配符
Access-Control-Allow-Origin
响应标头(例如 http://example.com
),因为您在使用通配符来源时无法共享凭据。 字符串*不能用于支持凭据的资源。
This works with Chrome and IE, but not Firefox(26).
The OPTIONS request returns status 200, but still Firefox does not send the follow-up POST request like Chrome and IE do.
Request Headers
OPTIONS ..
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Response Headers
Security
Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:X-File-Upload content-type
Access-Control-Allow-Methods:POST OPTIONS
Access-Control-Allow-Origin:*
Both IE and Chrome send the follow-up POST method and everything works fine, but Firefox does not send the POST request. I know this because (a) I checked the net traffic in the Firefox debugger and (b) the server does not get the POST request.
Not sure this is relevant but here's some additional info:
X-File-Upload is a custom header needed for a commercial jQuery file upload package I am using
I am using jQuery ajax to make the POST requests
Is this a Firefox bug or am I doing something wrong? How do I even go about debugging this??
Any help or insights greatly appreciated. Thanks in advance.
The list of allowed headers / methods / ... have to be separated by commas, not by whitespace:
Access-Control-Allow-Headers: X-File-Upload, content-type
Access-Control-Allow-Methods: POST, OPTIONS
Although probably not problematic for your current use case, you should also look at the following two headers:
Access-Control-Allow-Credentials:true
Access-Control-Allow-Origin:*
Either remove Access-Control-Allow-Credentials: true
, or set a non-wildcard Access-Control-Allow-Origin
response header (e.g. http://example.com
), because you cannot share credentials when a wildcard origin is used. "The string "*" cannot be used for a resource that supports credentials."
这篇关于CORS:Firefox不会在成功的OPTIONS请求后发送POST请求...适用于Chrome和IE的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!