stackoom
  简体   繁体   中英

CORS, IIS - the strangest failure ever

 原文  2013-04-12 14:26:52       jquery/ ajax/ apache/ iis

Question

I got a Microsoft IIS server (over TMG firewall). I got Apache server (different location, no firewall). My IIS server serves data files (plain text, actually - CSV).

Apache server serves simple HTML page which loads data from IIS server via jQuery.ajax() method. Or, XDomainRequest() on IE8 and maybe 9. (Made as $.ajax transport).

Here's my web.config for directory containing data:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <location path=".">
    <system.webServer>
      <httpProtocol>
        <customHeaders>
          <add name="Access-Control-Allow-Origin" value="*" />
          <add name="Access-Control-Allow-Methods" value="GET,POST" />
          <add name="Access-Control-Allow-Headers" value="Content-Type" />
        </customHeaders>
      </httpProtocol>
    </system.webServer>
  </location>
</configuration>

Here's the test:

<!DOCTYPE html>
<html>
    <head>
        <meta charset="utf-8">
        <title>CORS TEST</title>
        <script src="//ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js"></script>
        <script>
            $(function () {
                var h2 = $('h2:first');
                    h3 = $('h3:first');
                h3.text(navigator.userAgent);
                $.ajax({
                    url : '//my.iis.site.net/ajax/data/test.csv',
                    method : 'GET'
                })
                .done(function() {
                   h2.text('WORKS.'); 
                })
                .fail(function() {
                   h2.text('FAILED.'); 
                });
            });
        </script>
    </head>
    <body>
        <h1>CORS TEST:</h1>
        <h2></h2>
        <h3></h3>
    </body>
</html>

I tested it with all specified browsers supporting CORS. And a few more mobile ones. I couldn't make it fail. It just works, all by the book.

After testing this configuration with our team at work, we found it's OK to deliver our new site to a broader audience. And it's when all hell broke loose.

Most of the people say it works. But significant amount (definitely above 10%) of people say it doesn't work. I'm afraid it's way more than 10%, it could be even 50%.

And here's the worst case: 2 persons, but almost (or totally) identical software (OS, configuration, programs, ISP, browsers). One guy sees AJAX data, the other one doesn't.

Same OS, same browser (tested with 3 different browsers on both computers, exactly the same versions, and the same ISP).

On some computers CORS just doesn't work, no matter what!

And yes, they cleared all browser caches. Didn't help.

Browser doesn't throw any error in console, $.ajax() method just triggers .fail() method, instead of .done() . I have no idea how to test it, since on my machine it always works. Even on my all mobile devices and GSM network it works as charm. Even on quite old Android version and pretty old default browser. No matter what I can't make it fail, just like some people just can't make it work on ANY of their computers or mobile devices.

What evil magic is it? Should I just forget about CORS and switch to JSONP transport?

There's a reason I don't use JSONP. The data server will receive a huge traffic. The data is updated every 500ms and will be reloaded by thousands of users very often (even at 500ms rate). Executing script on each request on my IIS server is not the best idea. It could have quite negative effect on performance.

Any clues? Zip the data as PNG and unzip via JS? :) It's a crazy hack. CORS is not crazy, but this is what I get.

Any idea how could I start to test it? Maybe it's a bug in jQuery, but I doubt it. The guy which can't access the files via CORS can't access them even when requesting script was run from the same domain. I had to remove web.config to make AJAX work on the same domain.

2 answers

solution1
 1 ACCPTED  2013-05-09 09:57:24

If you place web.config file in a subdirectory of a web application, you MUST convert that subdirectory to an application in IIS Manager. Otherwise it gives error 500 for every request to this subdirectory.

Someone converted it to web application on one server, but not on the other one. That's why some users got data, and some error 500 instead of data.

solution2
 -1  2016-11-03 16:14:05

Make sure that ur clients are not behind a proxy server or firewall.. some proxy servers or firewall may block or auto respond to preflight options request..

Also in the handler section of ur servers web.config file add

<handlers>
      <remove name="OPTIONSVerbHandler" />
      <remove name="ExtensionlessUrlHandler-Integrated-4.0" />
      <add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
</handlers>

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Angularjs CORS failure with FireFox Enabling Cors in local IIS Set Up CORS IIS7 JQuery stuck at CORS preflight and IIS ghost response How to set up CORS properly on IIS? IIS and jQuery CORS - 401 returned on preflight IIS is executing request even if CORS is disabled CORS request failure with jQuery using withCredentials and client certificates Enable CORS POST from jQuery ajax to WCF Service NOT Hosted in IIS Strangest error on live Site, random massive circle appears with Safari and IE
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM