CORS错误 - 在请求的资源上没有“Access-Control-Allow-Origin”头 [英] CORS error - No 'Access-Control-Allow-Origin' header is present on the requested resource

查看:8177
本文介绍了CORS错误 - 在请求的资源上没有“Access-Control-Allow-Origin”头的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我使用Angular前端连接到WEB API 2后端。失败的用例如下。当用户注册时,在成功注册时,他们必须登录到系统并被重定向到新页面以收集进一步的信息。我使用TOKENS进行身份验证。



我已在WebAPI配置中启用CORS:

  var cors = new EnableCorsAttribute(http:// localhost:7812,*,*); 
config.EnableCors(cors);

注册请求成功,响应头包含必需的CORS头:

  ** Access-Control-Allow-Credentials:true 
Access-Control-Allow-Origin:http:// localhost:7812 **
Content-Length:0
Date:Sun,24 Aug 2014 09:31:55 GMT
服务器:Microsoft-IIS / 8.0
X-Powered- By:ASP.NET
的X来源档案:????= UTF-的8B QzpcUHJvamVjdHNcVGVzdGluZ1xNYWx0QXBhcnRtZW50c1xNYWx0YXBhcnRtZW50cy5BUElcTWFsdGFwYXJ0bWVudHMuQVBJXGFwaVxhY2NvdW50XHJlZ2lzdGVy =

在下一步我尝试登录用户到系统。作为登录的一部分,前端从请求URL:http:// localhost:7802 / token 向服务器请求一个TOKEN。请求头再次发送一个Origin头 Origin:http:// localhost:7812 但这次我得到错误: XMLHttpRequest不能加载http: // localhost:7802 / token。在所请求的资源上没有Access-Control-Allow-Origin头。因此,不允许访问原始'http:// localhost:7812'。



任何人都有任何想法?

$ b $在处理CORS时,我们需要记住,浏览器可能会发送两个非GET请求的请求。通常有预检(OPTIONS)请求,然后是实际请求(POST)。在预检请求期间,服务器需要添加与请求始发标头匹配的值的 Access-Control-Allow-Origin 标头。这授权后续请求被发送。



对于后续/实际请求,服务器还需要添加 Access-Control-Allow-Origin 标头。否则,此请求失败。



使用OWIN OAuthAuthorizationServerProvider时,我们需要自定义 MatchEndpoint 处理程序来管理标头逻辑。此处理程序在验证客户端身份验证之前执行。



有关更多背景信息,请查看此链接: http://www.ozkary.com/2016/04/web-api-owin-cors-handling-no -access.html


I am using an Angular front end to connect to a WEB API 2 backend. The failing use case is the following. When a user registers, on successful registration, they must be logged into the system and be redirected to a new page to collect further information. I am using TOKENS for authentication.

I have enabled CORS in the WebAPI config:

 var cors = new EnableCorsAttribute("http://localhost:7812", "*", "*");
        config.EnableCors(cors);   

The registration request is successful and the response headers have the required CORS headers:

**Access-Control-Allow-Credentials:true
Access-Control-Allow-Origin:http://localhost:7812**
Content-Length:0
Date:Sun, 24 Aug 2014 09:31:55 GMT
Server:Microsoft-IIS/8.0
X-Powered-By:ASP.NET
X-SourceFiles:=?UTF-8?B?QzpcUHJvamVjdHNcVGVzdGluZ1xNYWx0QXBhcnRtZW50c1xNYWx0YXBhcnRtZW50cy5BUElcTWFsdGFwYXJ0bWVudHMuQVBJXGFwaVxhY2NvdW50XHJlZ2lzdGVy?=

In the next step I attempt to log in the user to the system. As part of the login, the front end requests a TOKEN from the server at Request URL:http://localhost:7802/token. The request header once again sends a Origin header Origin:http://localhost:7812 but this time I get the error : XMLHttpRequest cannot load http://localhost:7802/token. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:7812' is therefore not allowed access.

Anyone have any ideas?

解决方案

When dealing with CORS, we need to keep in mind that there may be two requests sent by the browsers for a non GET request. There is usually the preflight (OPTIONS) request and then the actual request (POST). During the preflight requests, the server needs to add the Access-Control-Allow-Origin header with the value matching the request Origin header. This authorizes the subsequent request to be sent.

For the subsequent/actual request, the server also needs to add the Access-Control-Allow-Origin header. Otherwise, this request fails.

When using the OWIN OAuthAuthorizationServerProvider, we need to customize the MatchEndpoint handler to manage the header logic. This handler is executed before validate client authentication.

For more background information, look at this link: http://www.ozkary.com/2016/04/web-api-owin-cors-handling-no-access.html

这篇关于CORS错误 - 在请求的资源上没有“Access-Control-Allow-Origin”头的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆