ajax 如何禁止预检请求,ajax - 预检请求正常，然后，在auth之后，响应不包含allow cors标头 - 堆栈内存溢出...

2023-11-24 12:25:35

在IIS 8.5上部署的Asp MVC 5应用程序。需要从许多客户端启用ajax请求。

服务器端我有WebApiConfig.cs

config.EnableCors();

在控制器中：

[EnableCors(origins: "http://localhost:59901", headers: "*", methods: "*", SupportsCredentials = true)]

public class ItemController : Controller

客户端

$("#getItem").on("click", function (e) {

var myurl = "http://servername/item/details/1"

$.ajax({

url: myurl,

type: "GET",

dataType: "JSON",

xhrFields: {

withCredentials: true

contentType: "application/json; charset=utf-8",

error: function (jqXHR, textStatus, errorThrown) {

$('#result').text(jqXHR.responseText || textStatus);

success: function (result) {

$('#result').text(result);

}

});

从VisualStudio Origin运行客户端是http：// localhost：59901 。

运行ajax请求我在fiddler中得到以下内容：

1.飞行前请求/响应

OPTIONS http://vrtsrv01.webdev.local/item/details/1 HTTP/1.1

Host: vrtsrv01.webdev.local

Connection: keep-alive

Access-Control-Request-Method: GET

Origin: http://localhost:59901

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36

Access-Control-Request-Headers: content-type

Accept: */*

Referer: http://localhost:59901/Home/Index

Accept-Encoding: gzip, deflate, sdch

Accept-Language: en-US,en;q=0.8,it;q=0.6,it-IT;q=0.4

HTTP/1.1 200 OK

Server: Microsoft-IIS/8.5

Access-Control-Allow-Origin: http://localhost:59901

Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, MaxDataServiceVersion

Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS

Access-Control-Allow-Credentials: true

X-Powered-By: ASP.NET

Date: Sat, 13 May 2017 15:34:54 GMT

Content-Length: 0

2. GET请求没有凭据/ 401错误响应

GET http://vrtsrv01.webdev.local/item/details/1 HTTP/1.1

Host: vrtsrv01.webdev.local

Connection: keep-alive

Accept: application/json, text/javascript, */*; q=0.01

Origin: http://localhost:59901

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36

Content-Type: application/json; charset=utf-8

Referer: http://localhost:59901/Home/Index

Accept-Encoding: gzip, deflate, sdch

Accept-Language: en-US,en;q=0.8,it;q=0.6,it-IT;q=0.4

HTTP/1.1 401 Unauthorized

Cache-Control: private

Content-Type: text/html

Server: Microsoft-IIS/8.5

X-AspNet-Version: 4.0.30319

WWW-Authenticate: Negotiate

WWW-Authenticate: NTLM

X-Powered-By: ASP.NET

Date: Sat, 13 May 2017 15:34:54 GMT

Content-Length: 1352

Proxy-Support: Session-Based-Authentication

401 - Autorizzazione negata: accesso negato a causa di credenziali non valide.

....

Errore del server

....

3.使用NTLM令牌对GET请求进行身份验证/响应，而不允许使用CORS标头

GET http://vrtsrv01.webdev.local/item/details/1 HTTP/1.1

Host: vrtsrv01.webdev.local

Connection: keep-alive

Authorization: Negotiate <...ntlm token here ...>

Accept: application/json, text/javascript, */*; q=0.01

Origin: http://localhost:59901

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36

Content-Type: application/json; charset=utf-8

Referer: http://localhost:59901/Home/Index

Accept-Encoding: gzip, deflate, sdch

Accept-Language: en-US,en;q=0.8,it;q=0.6,it-IT;q=0.4

HTTP/1.1 200 OK

Cache-Control: private

Content-Type: application/json; charset=utf-8

Server: Microsoft-IIS/8.5

X-AspNetMvc-Version: 5.2

X-AspNet-Version: 4.0.30319

Persistent-Auth: true

X-Powered-By: ASP.NET

Date: Sat, 13 May 2017 15:34:58 GMT

Content-Length: 8557

{"id":1, .....}

题

为什么在为CORS启用MVC应用程序并查看对预检请求的正确响应后，NTLM身份验证后获得的响应不包含预期的Access-Control-Allow-Origin标头？

本文来自互联网用户投稿，文章观点仅代表作者本人，不代表本站立场，不承担相关法律责任。如若转载，请注明出处。 如若内容造成侵权/违法违规/事实不符，请点击【内容举报】进行投诉反馈！

标签：技术

上一篇 > thymeleaf ajax传两个值,如何将Params传递给Thymeleaf Ajax Fragment
下一篇 > 安装Android studio 出现的问题及解决办法

Duilib中list控件支持ctrl和shif多行选中的实现

[ICML2015]Batch Normalization:Accelerating Deep Network Training by Reducing Internal Covariate Shif

win10系统微软输入法于eclipse ctrl+shif+f冲突间接处理办法

Codeforces Round #259 (Div. 2) B. Little Pony and Sort by Shif

读LDD3，内存映射与DMA--PAGE_SHIF…

VMware虚拟机安装XP【要先分区，再设置BOOT 启动CD，shif+上移】

更换iBus五笔的左与右Shif

sublime ctrl+shif+f 没用解决办法

idea 对 ctrl + z 的撤销是 ctrl + shif + z

计算机最早的设计师应用于,计算机应用基础选择题doc.doc

win10自带截图神器：Win+Shift+S

Python基础之文件目录操作

python简述目录_Python基础之文件目录操作(示例代码)

tp5 如何做数据采集

任务2-7(服务器字体+阿里巴巴矢量库)

html标签（1)：h1~h6,p,br,pre,hr

TI 电量计介绍与芯片选型指南

几款TI电源芯片简介

TI DSP芯片C2000系列读取FLASH数据

德州仪器(Ti)平台嵌入式开发基础

TI三相电机智能栅极驱动芯片特点分类

省选模拟（12.08） T3 圈圈圈圈圈圈圈圈

Hadoop生态圈技术栈（上）

大数据开发基础入门与项目实战（三）Hadoop核心及生态圈技术栈之6.Impala交互式查询

小猿圈之Linux下Mysql 操作命令

大数据Hadoop生态圈常用面试题

大数据开发基础入门与项目实战（三）Hadoop核心及生态圈技术栈之4.Hive DDL、DQL和数据操作

备战Noip2018模拟赛11（B组）T3 Monogatari 物语

【智能优化算法-圆圈搜索算法】基于圆圈搜索算法Circle Search Algorithm求解单目标优化问题附matlab代码

NYOJ 78 圈水池

递归问题跑道汽车绕圈问题 Python实现

Hadoop生态圈（三）：MapReduce

ajax 如何禁止 预检请求,ajax - 预检请求正常，然后，在auth之后，响应不包含allow cors标头 - 堆栈内存溢出...

Errore del server

相关文章

ajax 如何禁止预检请求,ajax - 预检请求正常，然后，在auth之后，响应不包含allow cors标头 - 堆栈内存溢出...