CORS和内部服务器错误响应 [英] CORS and Internal Server Error responses
问题描述
在ASP.NET WebApi2中,如果发生内部服务器错误,则会发送无 Access-Control-Allow-Origin标头的500响应,即使 CORS已启用。
In ASP.NET WebApi2 if there is an internal server error, a 500 Response is sent without the Access-Control-Allow-Origin header, even when CORS is enabled.
以报告CORS错误,而不是内部服务器错误。
This leads the browser to report a CORS error, not an internal server error.
我假设处于错误状态的服务器可能无法报告它将响应的起点在我看来,浏览器应该处理这种异常情况,并报告内部错误,而不是CORS一个。
I suppose a server in an erroneous state might not be able to report on the origins it will respond to so it seems to me like the browser should handle this exceptional case and report the internal error, rather than the CORS one.
A)有一种方法来获取内部服务器错误
A ) Is there a way to get the internal server error to show up in the browser as the reason my request failed?
B)是否应该在浏览器中针对此问题提出问题?
B ) Should an issue be raised with the browser regarding this?
推荐答案
根据CORS规范,如果响应不包含对跨源请求的正确确认,用户代理(浏览器)不应显示任何关于请求的内容。所以,浏览器都遵循规范,没有什么可以做到这一点。如果要以编程方式显示客户端的底层响应状态,您的服务器将需要通过包含相应的Access-Control-Allow头来正确地确认跨源请求。
According to the CORS spec, the user agent (browser) should not reveal anything about the request if the response does not contain proper acknowledgement of the cross-origin request. So, the browsers are following the spec, and there is nothing more that can be done about this. If you want to programmatically reveal the underlying response status client-side, your server will need to properly acknowledge the cross-origin request by including the appropriate Access-Control-Allow header(s).
这篇关于CORS和内部服务器错误响应的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
