CORS在Firefox中不起作用
[英]CORS not working in Firefox
问题描述
我试图通过ajax将数据加载到jQuery对话框中,但Firefox中的请求失败(34.0.5)。 工作正常,我在Chrome和Safari中没有任何抱怨。
我的apache conf包含:
Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Allow-Methods: "PUT, GET, POST, DELETE, OPTIONS"
Header set Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept"
jQuery很简单:
$('#dialog').load('example.php', function() { $('#dialog').dialog('open'); });
Firefox响应以下控制台错误:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://www.example.com/example.php. This can be fixed by moving the resource to the same domain or enabling CORS.
检查来自ajax请求的响应头,它们似乎都是完整的,并且与apache中声明的内容一致。 我是否应该包含一些其他指令或以某种方式更改配置以使其工作?
更新:问题的根源在于我希望example.com和www.example.com都能发挥相同的作用。 有问题的网站在两个实例中的标头<base href="www.example.com" />中始终都有一个标记,因为这是默认网站框架的一部分。 我已经发现删除此链接允许ajax请求在example.com上工作,即使它仍然专门从www子域调用资源。
有趣的是,删除此标记时,请求和响应标头的许多方面都会发生变化。 对于任何可能对这里的含义有所了解的人我都会在下面粘贴请求和响应标头。
以下是删除了<base>标记的标题。 在这种情况下,ajax调用成功:
响应
HTTP/1.1 200 OK
Date: Sun, 18 Jan 2015 22:11:04 GMT
Server: Apache/2.4.7 (Ubuntu)
X-Powered-By: PHP/5.5.9-1ubuntu4.5
Set-Cookie: PHPSESSID=xxx; path=/; HttpOnly
language=en; expires=Tue, 17-Feb-2015 22:11:04 GMT; Max-Age=2592000; path=/; domain=www.example.com
currency=CAD; expires=Tue, 17-Feb-2015 22:11:04 GMT; Max-Age=2592000; path=/; domain=www.example.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, public
Pragma: no-cache
Content-Encoding: gzip
access-control-allow-methods: PUT, GET, POST, DELETE, OPTIONS
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
Content-Length: 1515
Connection: close
Content-Type: text/html; charset=utf-8
请求
GET /example.php HTTP/1.1
Host: www.example.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:34.0) Gecko/20100101 Firefox/34.0 FirePHP/0.7.4
Accept: text/html, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://example.com/
Origin: http://example.com
x-insight: activate
Connection: keep-alive
Cache-Control: max-age=0
以下是<base>标记完整的标题。 这些标头反映了ajax调用失败的情况。 值得注意的是,响应标题中的“位置”字段显示为“https”,即使这不是通过https连接发生的:
响应
HTTP/1.1 302 Found
Date: Sun, 18 Jan 2015 22:12:26 GMT
Server: Apache/2.4.7 (Ubuntu)
X-Powered-By: PHP/5.5.9-1ubuntu4.5
Set-Cookie: PHPSESSID=xxx; path=/; HttpOnly
language=en; expires=Tue, 17-Feb-2015 22:12:26 GMT; Max-Age=2592000; path=/; domain=www.example.com
currency=CAD; expires=Tue, 17-Feb-2015 22:12:26 GMT; Max-Age=2592000; path=/; domain=www.example.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, public
Pragma: no-cache
Status: 302
Location: https://www.example.com/index.php
access-control-allow-methods: PUT, GET, POST, DELETE, OPTIONS
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
Content-Length: 0
Connection: close
Content-Type: text/html
请求
OPTIONS /example.php HTTP/1.1
Host: www.example.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:34.0) Gecko/20100101 Firefox/34.0 FirePHP/0.7.4
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://example.com
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-requested-with
x-insight: activate
Connection: keep-alive
Cache-Control: max-age=0
1 个解决方案
解决方案1
0 2016-03-25 15:09:02
根据MDN ,您不能将通配符用于“凭证请求”,因此您的请求可能属于该类别。
AngularJS PHP CORS 不适用于 FireFox
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.