什么会导致Internet Explorer替换HTTP标头
Authorization : Bearer <server-provided-token>
同
Authorization : Negotiate <some token>
在发出AJAX请求时?
细节
在Internet Explorer中,Authorization: Bearer ...Internet Explorer使用标头发送一些配置为包含标头的AJAX请求Authorization: Negotiate ....
例如,Fiddler显示三个请求中的前两个包含Authorization : Bearer...标题,而第三个请求突然包含Authorization : Negotiate...标题.前两个请求成功,第三个请求失败,因为无法正确验证请求.
所有请求都是使用相同的客户端代码构建的,并且是一个接一个地进行的(在一秒的范围内).我已经验证了Authorization标头Bearer在所有三种情况下都正确包含令牌,直到请求提供给浏览器为止.
另外,我在Chrome中看不到相同的行为; 它只发生在IE中.
要求1
GET http://localhost/myapp/api/User HTTP/1.1 Accept: application/json, text/plain, */* Authorization: Bearer oEXS5IBu9huepzW6jfh-POMA18AUA8yWZsPfBPZuFf_JJxq-DKIt0JDyPXSiGpmV_cpT8FlL3D1DN-Tv5ZbT73MTuBOd5y75-bsx9fZvOeJgg04JcO0cUajdCH2h5QlMP8TNwgTpHg-TR9FxyPk3Kw6bQ6tQCOkOwIG_FmEJpP89yrOsoYJoCfrAoZ7M4PVcik9F9qtPgXmWwXB2eHDtkls44wITF_yM_rPm5C47OPCvMVTPz30KwoEPi6fHUcL3qHauP-v9uypv2e48TyPHUwLYmNFxyafMhBx4TkovnRcsdLHZiHmSjMq0V9a2Vw70 Referer: http://localhost/client/login.html Accept-Language: en-US Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko Host: localhost DNT: 1 Connection: Keep-Alive
要求2
POST http://localhost/myapp/api/Permissions HTTP/1.1 Referer: …