pre-航班选择请求无通过HTTPS [英] Pre-flight OPTIONS request failing over HTTPS

问题描述

一个CORS POST请求（AJAX）通过我的客户端服务器所做的（在Apache上运行@ 443端口），以我的REST服务器（Tomcat上运行@端口8443），未能触发，当试图通过HTTPS。

A CORS POST request (AJAX) made by my client server (running on Apache @ port 443) to my REST server (running on Tomcat @ port 8443), fails to trigger when tried over HTTPS.

请注意，所有的请求，正常不使用SSL。

Please note that all the requests function properly without SSL.

我已经设置了 withCredentials：真正的选项请求领域。而我的Tomcat服务器也需要相应的头文件的护理：

I have already set the withCredentials: true options in the request fields. And my Tomcat server also takes care of the appropriate headers :

response.addHeader("Access-Control-Allow-Origin", "https://localhost");
response.addHeader("Access-Control-Allow-Credentials", "true");
response.addHeader("Access-Control-Allow-Headers", "Content-Type");
response.addHeader("Access-Control-Allow-Methods", "OPTIONS, POST");

我也尝试使用卷曲，但问题依然存在通过SSL。但是，Tomcat服务器响应我的所有请求时在<直接尝试href="https://chrome.google.com/webstore/detail/postman-rest-client/fdmmgilgnpjigdojojpjoooidkmcomcm?hl=en"相对=nofollow>邮差 /通过浏览器。

I also tried using Curl, but the issue persisted over SSL. However, the Tomcat server responds to all my requests when tried directly over Postman/through the browser.

有人能告诉我什么，我错过了吗？

Could someone tell me what I'm missing out here?

推荐答案

我假设这是一个问题的preflight请求。有两种类型的CORS请求：简单，不那么简单。

I'm assuming this is an issue with the preflight request. There are two types of CORS requests: simple, and not-so-simple.

最简单的一种是无论是GET或POST没有自定义页眉的内容类型文本/纯。

The simple kind is either a GET or POST with no custom headers whose content type is "text/plain".

不那么简单的一种是使用自定义页眉，比采用其它POST或GET请求方法，并使用不同的内容主体类型的任何请求。这些请求将是preflighted;即，浏览器将代表客户一个preflight请求以确定服务器是否允许该请求。在preflight请求使用OPTIONS方法。我愿意，如果你使用类似萤火虫来看看这是怎么回事，你会看到这样的事情在网络选项卡打赌：OPTIONS活动与中止状态

The not-so-simple kind is any request using custom headers, utilising request methods other than POST or GET, and using different content body types. These requests will be "preflighted"; that is the browser will make a preflight request on the clients behalf in order to determine whether or not the server will allow this request. The preflight request uses the OPTIONS method. I'm willing to bet if you use something like Firebug to have a look what's going on you'll see something like this in the Net tab: "OPTIONS activity" with a status of "Aborted".

不幸的是，preflight请求的客户端证书没有传递到这就是为什么你的要求是不能触发服务器。你需要禁用双向SSL为了得到它的工作。在Apache中，你可以尝试改变SSLVerifyClient为：

Unfortunately the preflight request doesn't pass the client certificate to the server which is why your request is failing to trigger. You need to disable two way SSL in order to get it working. In Apache you can try changing the SSLVerifyClient to:

SSLVerifyClient optional

我用这个之前，为了让我的跨域Ajax调用工作通过HTTPS。

I've used this before in order to get my cross domain AJAX calls working over HTTPS.

祝你好运。

这篇关于pre-航班选择请求无通过HTTPS的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！