Access-control-expose-headers在Safari 5.1.7中不起作用 [英] Access-control-expose-headers doesn't work in Safari 5.1.7

查看:749
本文介绍了Access-control-expose-headers在Safari 5.1.7中不起作用的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

所以我一直使用angularjs为我目前的项目,并使用CORS做一个http请求到服务器。我注意到,为了使跨域呼叫工作,服务器需要配置它的cors设置使用

 访问控制-Allow-Origin 
 Access-Control-Allow-Credentials

但实际上服务器需要对身份验证进行多层验证,因此当用户首次登录时,服务器返回 JSESSIONID ,并且客户端需要将自定义头部响应存储到会话中。但我似乎无法访问 JSESSIONID 。因此,服务器使用



重新配置CORS设置

 访问控制暴露标头
  / pre> 
 
 
现在可以正常工作。 不是在Safari上测试它时,我使用的每个$ http请求
  $ cookieStore.put(JSESSIONID,headers(JSESSIONID)); 
  
在我的客户端浏览器上设置会话,它总是返回一个 null 。但在其他浏览器它工作正常。 
 
 
 
完成一些研究后,我发现网站说 CORS 呼叫不支援Safari,特别是版本 5.1.7  
 
 
 
不太确定,因为我不知道我是否错过了这里是我的$ http请求代码
  $ http {
'method':'GET',
'url':'example.com/method',
'withCredentials':true,
'headers':{
'Content-Type':'application / json'
} 
})success(function(data,response,headers,status){
 $ cookieStore.put(JSESSIONID ,header(JSESSIONID)); 
 
 console.log($ cookieStore.get(JSESSIONID)); //它总是在Safari中返回一个null 
} 
  
,这是使用google chrome的服务器响应示例
 状态码:200 OK 
 
响应头
查看源
访问控制允许证书:true 
 Access-Control-Allow-Origin:http:// localhost:9000 
 Access-Control-Expose-Headers:Jsessionid 
 Content-Type:application / json 
 Date:Thu,25 2015年6月16:39:04 GMT 
服务器:Apache-Coyote / 1.1 
传输编码:分块
原因
 
请求头
视图source 
 Accept:application / json,text / plain,* / * 
 Accept-Encoding:gzip,deflate,sdch 
 Accept-Language:en-US,en; q = 0.8,id ; q = 0.6,ms; q = 0.4 
 authTokens:e8ea4bc3-efea-4aef-a845-a7d1f0003b83 
连接:keep-alive 
 Content-Type:application / json 
 Cookie :JSESSIONID = F1E104CA46A46E7BF7614D9191BAD4CD 
主机:deal01.customers.luna.net:9091 
 JSESSIONID:F1E104CA46A46E7BF7614D9191BAD4CD 
原产地:http:// localhost:9000 
参考:http:// localhost :9000 / 
 User-Agent:Mozilla / 5.0(Windows NT 6.1; WOW64)AppleWebKit / 537.36(KHTML,like Gecko)Chrome / 43.0.2357.130 Safari / 537.36 
  
 
 
 
 
 
 
我最近遇到了同样的问题,并发现Safari 5.1需要指定的头文件 Access-Control-Expose-Headers  lowercased。 
 Ie 
  JSESSIONID:F1E104CA46A46E7BF7614D9191BAD4CD 
访问控制 - 公开头:Jsessionid 
  
无效。
  JSESSIONID:F1E104CA46A46E7BF7614D9191BAD4CD 
 Access-Control-Expose-Headers:JSESSIONID 
  
 
 
 < t工作。 
这样做:
  jsessionid:F1E104CA46A46E7BF7614D9191BAD4CD 
访问控制暴露标题:jsessionid 
  
 
So I've been using angularjs for my current projects and using CORS to do a http request to the server. I've noticed that in order to make cross domain call work, server needs to configure it's cors settings by using
Access-Control-Allow-Origin
Access-Control-Allow-Credentials

All works fine. But actually the server needs to do a multi layer validation for the authentication, so when user first login, server returns a JSESSIONID and client needs to store the custom headers response into a session. But it seems that I couldn't access the JSESSIONID. So server reconfigure the CORS settings using
Access-Control-Expose-Headers

all works fine now. BUT not when I test it on safari, every $http request that I've made and use
$cookieStore.put("JSESSIONID", headers("JSESSIONID"));

to set a session on my client browser, it always returns with a null. But on other browser it works fine. 



After done some research I found this site that says the CORS call doesn't support in Safari especially version 5.1.7



But I can't be too sure since I don't know if I missed something so here is my $http request code
$http({
   'method':'GET',
   'url':'example.com/method',
   'withCredentials':true,
   'headers': {
      'Content-Type': 'application/json'
   }
}).success(function(data, response, headers, status) {
      $cookieStore.put("JSESSIONID", headers("JSESSIONID"));

      console.log($cookieStore.get("JSESSIONID")); //it always returns with a null in Safari
});

and this is the example of server response using google chrome
Status Code:200 OK

Response Headers
view source
Access-Control-Allow-Credentials:true
Access-Control-Allow-Origin:http://localhost:9000
Access-Control-Expose-Headers:Jsessionid
Content-Type:application/json
Date:Thu, 25 Jun 2015 16:39:04 GMT
Server:Apache-Coyote/1.1
Transfer-Encoding:chunked
Vary:Origin

Request Headers
view source
Accept:application/json, text/plain, */*
Accept-Encoding:gzip, deflate, sdch
Accept-Language:en-US,en;q=0.8,id;q=0.6,ms;q=0.4
authTokens:e8ea4bc3-efea-4aef-a845-a7d1f0003b83
Connection:keep-alive
Content-Type:application/json
Cookie:JSESSIONID=F1E104CA46A46E7BF7614D9191BAD4CD
Host:deal01.customers.luna.net:9091
JSESSIONID:F1E104CA46A46E7BF7614D9191BAD4CD
Origin:http://localhost:9000
Referer:http://localhost:9000/
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.130 Safari/537.36



 解决方案 
Pretty sure that's too late, but anyway.



I recently faced the same issue and was able to find that Safari 5.1 wants headers specified under Access-Control-Expose-Headers lowercased.
I.e.
JSESSIONID: F1E104CA46A46E7BF7614D9191BAD4CD
Access-Control-Expose-Headers: Jsessionid

doesn't work.
JSESSIONID: F1E104CA46A46E7BF7614D9191BAD4CD
Access-Control-Expose-Headers: JSESSIONID

Doesn't work either.
This does:
jsessionid: F1E104CA46A46E7BF7614D9191BAD4CD
Access-Control-Expose-Headers: jsessionid



                        
这篇关于Access-control-expose-headers在Safari 5.1.7中不起作用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

                        
                    

                    

                        查看全文
相关文章
前端开发最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆