Access-Control-Allow-Headers列表中不存在请求标头
jao*_*jao 8 internet-explorer asp.net-web-api2
在我的API中,我有以下代码:
public class CustomOAuthProvider : OAuthAuthorizationServerProvider
{
public override Task MatchEndpoint(OAuthMatchEndpointContext context)
{
if (context.OwinContext.Request.Method == "OPTIONS" && context.IsTokenEndpoint)
{
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Methods", new[] { "POST" });
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Headers",
new[] {
"access-control-allow-origin",
"accept",
"x-api-applicationid",
"content-type",
"authorization"
});
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
context.OwinContext.Response.StatusCode = (int)HttpStatusCode.OK;
context.RequestCompleted();
return Task.FromResult<object>(null);
}
return base.MatchEndpoint(context);
}
// ... even more code, but not relevant
}
当我从Chrome连接到此API时,一切都很完美.当我从同一台计算机连接到同一个API,但只从另一个浏览器Internet Explorer 11,我收到以下错误:
SEC7123:Access-Control-Allow-Headers列表中不存在请求标头x-api-applicationid.
我调试了代码,我看到标题已添加到响应中.甚至IE显示标题:
IE期待什么?
更新
如果我更改标题的顺序
new[] {
"access-control-allow-origin",
"accept",
"x-api-applicationid",
"content-type",
"authorization"
}
至:
new[] {
"content-type",
"accept",
"access-control-allow-origin",
"x-api-applicationid",
"authorization"
}
错误消息更改为:
SEC7123:Access-Control-Allow-Headers列表中不存在请求标头access-control-allow-origin.
因此它总是在第三个标题上给出错误.
确保它不像 AJAX 中内容类型标头的拼写错误那么简单。我通过带有application/x-www-form-urlencoded内容类型的 OPTIONS 预检得到了这个,这不需要预检,但我有
content-type: application/x-www-form-urlencoded
代替
application/x-www-form-urlencoded
作为我的contentType选择。
错误的:
$.ajax({
url: 'http://www.example.com/api/Account/Token',
contentType: 'content-type: application/x-www-form-urlencoded',
method: 'POST',
data: {
grant_type: "password",
username: $('#username').val(),
password: $('#password').val()
},
});
对:
$.ajax({
url: 'http://www.example.com/api/Account/Token',
contentType: 'application/x-www-form-urlencoded',
method: 'POST',
data: {
grant_type: "password",
username: $('#username').val(),
password: $('#password').val()
},
});
我在这里找到了一段代码,它为我解决了这个问题。
//Startup.cs
public void ConfigureOAuth(IAppBuilder app)
{
app.Use(async (context, next) =>
{
IOwinRequest req = context.Request;
IOwinResponse res = context.Response;
if (req.Path.StartsWithSegments(new PathString("/oauth2/token")))
{
var origin = req.Headers.Get("Origin");
if (!string.IsNullOrEmpty(origin))
{
res.Headers.Set("Access-Control-Allow-Origin", origin);
}
if (req.Method == "OPTIONS")
{
res.StatusCode = 200;
res.Headers.AppendCommaSeparatedValues("Access-Control-Allow-Methods", "GET", "POST");
res.Headers.AppendCommaSeparatedValues("Access-Control-Allow-Headers", "authorization", "content-type", "x-api-applicationid", "access-control-allow-origin");
return;
}
}
await next();
});
// rest of owin Oauth config
}
我MatchEndpoint从 CustomOAuthProvider.cs 中删除了该方法
| 归档时间: |
|
| 查看次数: |
10973 次 |
| 最近记录: |