CORS 内网 (http) 到互联网 (https) 我有哪些选择?
[英]CORS intranet (http) to internet (https) what are my options?
问题描述
I have some JS that is on some intranet application that's running on HTTP (this server/service is out of my control, run by the customer).
我有一些在 HTTP 上运行的 Intranet 应用程序上的 JS(这个服务器/服务不受我的控制,由客户运行)。 I operate the internet application and it must run on HTTPS for security purposes.我操作互联网应用程序,出于安全目的,它必须在 HTTPS 上运行。
I'm attempting to use XDomain but I'm finding that the cookies aren't being sent.我正在尝试使用XDomain,但我发现没有发送 cookie。 Is the problem that I'm going intranet to internet or that I'm going HTTP to HTTPS or some configuration problem?是我将 Intranet 连接到 Internet 还是将 HTTP 连接到 HTTPS 或某些配置问题?
I keep getting 401 when checking authentication of the user even after they have logged in.即使在用户登录后检查用户身份验证时,我也会收到 401。
I've verified the backend/internet service works as expected via a jsfiddle (ie Access-Control-Allow-Origin, etc. are all correct).我已经通过 jsfiddle 验证了后端/互联网服务按预期工作(即 Access-Control-Allow-Origin 等都是正确的)。
Thanks!谢谢!
1 个解决方案
解决方案1
2 2015-09-24 19:11:55
There are some security related issues with XDomain that makes it strip any cookies according to no 5 in this msdn blog . XDomain 存在一些与安全相关的问题,使其根据此msdn 博客中的第5 条删除任何 cookie。 However there also exist a workaround using proxy with example project on Github .但是,在Github上也有使用代理和示例项目的解决方法。 I think everything you need to make it work are described in those two pages.我认为在这两页中描述了使它工作所需的一切。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.