使用Chrome / WebKit调试Access-Control-Allow-Origin
[英]Debugging Access-Control-Allow-Origin with Chrome/WebKit
问题描述
I'm trying to use Cross-Origin Resource Sharing with Access-Control-Allow-Origin and related headers. 
我正在尝试使用Access-Control-Allow-Origin和相关标头的跨源资源共享 。 I have it working on Firefox, but Chrome is giving me permission errors, that look this like: 我有它在Firefox上工作,但Chrome给了我许可错误,看起来像这样:
XMLHttpRequest cannot load <remote>. Origin <local> is not allowed by Access-Control-Allow-Origin.
The network inspector shows the request but no response (and doesn't include the OPTIONS preflight request and response). 网络检查员显示请求但没有响应(并且不包括OPTIONS预检请求和响应)。 I inspected the request output using curl and reproducing all the headers, and what I see fits what the specification implies (and again, what Firefox accepts). 我使用curl检查了请求输出并重现了所有头文件,我看到的内容符合规范的含义(同样,Firefox接受的内容)。 I'm at a loss how to debug this further -- are there tricks for seeing the network activity at a lower level than what Chrome normally provides? 我不知道如何进一步调试 - 是否存在将网络活动视为低于Chrome通常提供的水平的技巧? Information about how Chrome interprets CORS requests differently than Firefox? 有关Chrome如何以不同于Firefox解释CORS请求的信息?
1 个解决方案
解决方案1
5 已采纳 2011-01-25 14:50:36
I suspect what you're seeing is a preflight followed by a failing Chrome request due to a bug. 我怀疑你所看到的是一个预检,然后由于一个错误导致Chrome请求失败。 That would explain why things work in Firefox but not in Chrome. 这可以解释为什么在Firefox中有效但在Chrome中无效。
Are you sending any custom headers in your request? 您是否在请求中发送任何自定义标头? There's a bug in WebKit where GET requests with custom headers fails (bug here: http://code.google.com/p/chromium/issues/detail?id=57836 ). WebKit中存在一个错误,其中带有自定义标头的GET请求失败(此处有错误: http : //code.google.com/p/chromium/issues/detail?id = 57836 )。 I've also noticed that Chrome sometimes expects the Content-Type header in the Access-Control-Allow-Headers list, even though Content-Type is a simple header. 我还注意到Chrome有时会在Access-Control-Allow-Headers列表中看到Content-Type标头,即使Content-Type是一个简单的标头。
Also, you mention that the network inspector doesn't include the OPTIONS preflight? 另外,您提到网络检查员不包括OPTIONS预检? Which network inspector are you using? 你在使用哪个网络检查员? I'd recommend using Wireshark, since this gives you details on the actual network traffic that Chrome's inspector doesn't provide (for example, Wireshark will log preflight requests). 我建议使用Wireshark,因为这会为您提供Chrome检查员未提供的实际网络流量的详细信息(例如,Wireshark将记录预检请求)。
Some other debugging tips: 其他一些调试技巧:
Try the request out in Safari. 在Safari中尝试请求。 This will help narrow it down to a Chrome bug or a WebKit bug. 这将有助于将其缩小到Chrome错误或WebKit错误。
The times I've seen the error you are seeing (Wireshark shows a request but not a response), it is because my server doesn't include the Access-Control-Allow-Origin header, which isn't included because Chrome isn't sending the Origin header (see bug above). 我看到你看到的错误的时间(Wireshark显示请求但不是响应),这是因为我的服务器不包含Access-Control-Allow-Origin标头,因为Chrome不是,所以不包括发送Origin标头(见上面的错误)。 In your network trace, do you see an Origin header in the request? 在网络跟踪中,您是否在请求中看到了Origin标头? Do you have control over the server, and if so, does it receive an Origin header? 您是否可以控制服务器,如果是,它是否接收到Origin标头?
Its tough to debug the actual issue without more details. 如果没有更多细节,很难调试实际问题。 If you are still having issues, can you post request/response headers here? 如果您仍然遇到问题,可以在此处发布请求/响应标头吗?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.