CORS POST 请求不起作用 - 选项(错误请求) - 不允许来源

CORS POST Requests not working - OPTIONS (Bad Request) - The origin is not allowed(CORS POST 请求不起作用 - 选项(错误请求) - 不允许来源)
本文介绍了CORS POST 请求不起作用 - 选项(错误请求) - 不允许来源的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我在获取跨域 POST 请求以访问最新 beta 2 版本中的 Api 控制器时遇到了很多麻烦.

Chrome(和其他浏览器)吐槽:

OPTIONS http://api.hybridwebapp.com/api/values 400(错误请求)发布 http://api.hybridwebapp.com/api/values 404(未找到)

它可能与

还有错误:

来源 http://hybridwebapp.com 不允许

这完全矛盾,就好像它忽略了标题一样.

解决方案

好的,我已经通过了.这一定是我遇到过的最奇怪的问题.以下是如何解决"它:

  1. 继续像往常一样生活,直到突然无处可去对该域的 OPTIONS 请求开始返回 200 OK(而不是 400 Bad Request)并且 POST 永远不会发生(或者至少看起来没有'不是因为浏览器吞下了它)
  2. 意识到 Fiddler 的 OPTIONS 响应中神秘地包含Access-Control-Allow-XXX"的重复项.
  3. 尝试从您的 web.config 中删除以下语句,即使您清楚地记得尝试修复之前的问题但它不起作用:

删除这个:

 <http协议><customHeaders><remove name="X-Powered-By"/><add name="Access-Control-Allow-Origin" value="http://mydomain.com"/><add name="Access-Control-Allow-Headers" value="Accept, Content-Type, Origin"/><add name="Access-Control-Allow-Methods" value="GET, PUT, POST, DELETE, OPTIONS"/></customHeaders></http协议>

因为你已经有了这个:

 var enableCorsAttribute = new EnableCorsAttribute("http://mydomain.com","来源、内容类型、接受",获取、放置、发布、删除、选项");config.EnableCors(enableCorsAttribute);

道德:你只需要一个.

I'm having a lot of trouble getting a cross domain POST request to hit an Api controller in the latest beta 2 release.

Chrome (and other browsers) spit out:

OPTIONS http://api.hybridwebapp.com/api/values 400 (Bad Request)
POST http://api.hybridwebapp.com/api/values 404 (Not Found) 

It may be related to this issue but I have applied that workaround and several other fixes such as web.config additions here

I've been banging my head with this for a while so I created a solution to reproduce the problem exactly.

Load the web app there will be 2 buttons one for GET one for POST and the response will appear next to the button. GET works. Cannot get POST to return successfully.

I'm able to get a hint at the cause from Fiddler but it makes no sense because if you look at the response it DOES include the domain in the Access-Controll-Allow-Origin header:

There is a folder in the solution called "ConfigurationScreenshots" with a few screenshots of the IIS configuration (website bindings) and Project properties configurations to make it as easy as possible to help me :)

EDIT: Don't forget to add this entry to host file (%SystemRoot%system32driversetc):

 127.0.0.1     hybridwebapp.com  api.hybridwebapp.com

**STATUS: ** It seems that some browsers like Chrome allow me to proceed with the POST regardless of the error message in the OPTIONS response (while others like Firefox don't). But I don't consider that solved.

Look at the Fidler screenshots of the OPTIONS request it has

Access-Control-Allow-Origin: http://hybridwebapp.com

And yet the error:

The origin http://hybridwebapp.com is not allowed

That is completely contradictory it's as if it's ignoring the header.

解决方案

Ok I got past this. This has got to be the strangest issue I've ever encountered. Here's how to "solve" it:

  1. Continue on with life as usual until suddenly out of no where OPTIONS requests to this domain begin returning 200 OK (instead of 400 Bad Request) and POST never happens (or at least seems like it doesn't because the browser swallows it)
  2. Realize that Fiddler's OPTIONS response mysteriously contains duplicates for "Access-Control-Allow-XXX".
  3. Try removing the following statement from you web.config even though you clearly remember trying that to fix the previous issue and it not working:

Remove this:

    <httpProtocol>
       <customHeaders>
         <remove name="X-Powered-By" />
         <add name="Access-Control-Allow-Origin" value="http://mydomain.com" />
         <add name="Access-Control-Allow-Headers" value="Accept, Content-Type, Origin" />
         <add name="Access-Control-Allow-Methods" value="GET, PUT, POST, DELETE, OPTIONS" />
       </customHeaders>
    </httpProtocol>

Because you already have this:

 var enableCorsAttribute = new EnableCorsAttribute("http://mydomain.com",
                                                   "Origin, Content-Type, Accept",
                                                   "GET, PUT, POST, DELETE, OPTIONS");
        config.EnableCors(enableCorsAttribute);

Moral: You only need one.

这篇关于CORS POST 请求不起作用 - 选项(错误请求) - 不允许来源的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持编程学习网!

本站部分内容来源互联网,如果有图片或者内容侵犯您的权益请联系我们删除!

相关文档推荐

c# Generic Setlt;Tgt; implementation to access objects by type(按类型访问对象的C#泛型集实现)
InvalidOperationException When using Context Injection in ASP.Net Core(在ASP.NET核心中使用上下文注入时发生InvalidOperationException)
how do i pass parameters to aspnet reportviewer(如何将参数传递给aspnet report查看器)
Bind multiple parameters from route and body to a model in ASP.NET Core(在ASP.NET Core中将路由和主体中的多个参数绑定到一个模型)
Custom model binding in AspNet Core WebApi?(AspNet Core WebApi中的自定义模型绑定?)
How to minify in .net core mvc view?(如何在.Net核心MVC视图中缩小?)