Access-control-expose-headers在Safari 5.1.7中不起作用 [英] Access-control-expose-headers doesn't work in Safari 5.1.7
问题描述
所以我一直使用angularjs为我目前的项目,并使用CORS做一个http请求到服务器。我注意到,为了使跨域呼叫工作,服务器需要配置它的cors设置使用
访问控制-Allow-Origin
Access-Control-Allow-Credentials
但实际上服务器需要对身份验证进行多层验证,因此当用户首次登录时,服务器返回 JSESSIONID ,并且客户端需要将自定义头部响应存储到会话中。但我似乎无法访问 JSESSIONID 。因此,服务器使用
重新配置CORS设置
访问控制暴露标头
/ pre>
现在可以正常工作。 但不是在Safari上测试它时,我使用的每个$ http请求
$ cookieStore.put(JSESSIONID,headers(JSESSIONID));
在我的客户端浏览器上设置会话,它总是返回一个
null
。但在其他浏览器它工作正常。
完成一些研究后,我发现此网站说 CORS 呼叫不支援Safari,特别是版本 5.1.7
不太确定,因为我不知道我是否错过了这里是我的$ http请求代码
$ http {
'method':'GET',
'url':'example.com/method',
'withCredentials':true,
'headers':{
'Content-Type':'application / json'
}
})success(function(data,response,headers,status){
$ cookieStore.put(JSESSIONID ,header(JSESSIONID));
console.log($ cookieStore.get(JSESSIONID)); //它总是在Safari中返回一个null
}
,这是使用google chrome的服务器响应示例
状态码:200 OK
响应头
查看源
访问控制允许证书:true
Access-Control-Allow-Origin:http:// localhost:9000
Access-Control-Expose-Headers:Jsessionid
Content-Type:application / json
Date:Thu,25 2015年6月16:39:04 GMT
服务器:Apache-Coyote / 1.1
传输编码:分块
原因
请求头
视图source
Accept:application / json,text / plain,* / *
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en; q = 0.8,id ; q = 0.6,ms; q = 0.4
authTokens:e8ea4bc3-efea-4aef-a845-a7d1f0003b83
连接:keep-alive
Content-Type:application / json
Cookie :JSESSIONID = F1E104CA46A46E7BF7614D9191BAD4CD
主机:deal01.customers.luna.net:9091
JSESSIONID:F1E104CA46A46E7BF7614D9191BAD4CD
原产地:http:// localhost:9000
参考:http:// localhost :9000 /
User-Agent:Mozilla / 5.0(Windows NT 6.1; WOW64)AppleWebKit / 537.36(KHTML,like Gecko)Chrome / 43.0.2357.130 Safari / 537.36
我最近遇到了同样的问题,并发现Safari 5.1需要指定的头文件
Access-Control-Expose-Headers
lowercased。
IeJSESSIONID:F1E104CA46A46E7BF7614D9191BAD4CD
访问控制 - 公开头:Jsessionid
无效。
JSESSIONID:F1E104CA46A46E7BF7614D9191BAD4CD
Access-Control-Expose-Headers:JSESSIONID
< t工作。
这样做:jsessionid:F1E104CA46A46E7BF7614D9191BAD4CD
访问控制暴露标题:jsessionid
So I've been using angularjs for my current projects and using CORS to do a http request to the server. I've noticed that in order to make cross domain call work, server needs to configure it's cors settings by using
Access-Control-Allow-Origin Access-Control-Allow-Credentials
All works fine. But actually the server needs to do a multi layer validation for the authentication, so when user first login, server returns a JSESSIONID and client needs to store the custom headers response into a session. But it seems that I couldn't access the JSESSIONID. So server reconfigure the CORS settings using
Access-Control-Expose-Headers
all works fine now. BUT not when I test it on safari, every $http request that I've made and use
$cookieStore.put("JSESSIONID", headers("JSESSIONID"));
to set a session on my client browser, it always returns with a
null
. But on other browser it works fine.After done some research I found this site that says the CORS call doesn't support in Safari especially version 5.1.7
But I can't be too sure since I don't know if I missed something so here is my $http request code
$http({ 'method':'GET', 'url':'example.com/method', 'withCredentials':true, 'headers': { 'Content-Type': 'application/json' } }).success(function(data, response, headers, status) { $cookieStore.put("JSESSIONID", headers("JSESSIONID")); console.log($cookieStore.get("JSESSIONID")); //it always returns with a null in Safari });
and this is the example of server response using google chrome
Status Code:200 OK Response Headers view source Access-Control-Allow-Credentials:true Access-Control-Allow-Origin:http://localhost:9000 Access-Control-Expose-Headers:Jsessionid Content-Type:application/json Date:Thu, 25 Jun 2015 16:39:04 GMT Server:Apache-Coyote/1.1 Transfer-Encoding:chunked Vary:Origin Request Headers view source Accept:application/json, text/plain, */* Accept-Encoding:gzip, deflate, sdch Accept-Language:en-US,en;q=0.8,id;q=0.6,ms;q=0.4 authTokens:e8ea4bc3-efea-4aef-a845-a7d1f0003b83 Connection:keep-alive Content-Type:application/json Cookie:JSESSIONID=F1E104CA46A46E7BF7614D9191BAD4CD Host:deal01.customers.luna.net:9091 JSESSIONID:F1E104CA46A46E7BF7614D9191BAD4CD Origin:http://localhost:9000 Referer:http://localhost:9000/ User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.130 Safari/537.36
解决方案Pretty sure that's too late, but anyway.
I recently faced the same issue and was able to find that Safari 5.1 wants headers specified under
Access-Control-Expose-Headers
lowercased. I.e.JSESSIONID: F1E104CA46A46E7BF7614D9191BAD4CD Access-Control-Expose-Headers: Jsessionid
doesn't work.
JSESSIONID: F1E104CA46A46E7BF7614D9191BAD4CD Access-Control-Expose-Headers: JSESSIONID
Doesn't work either. This does:
jsessionid: F1E104CA46A46E7BF7614D9191BAD4CD Access-Control-Expose-Headers: jsessionid
这篇关于Access-control-expose-headers在Safari 5.1.7中不起作用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文