Question

我一直在尝试在Azure Web Apps上实现用AngularJs 1.X编写的单页应用程序，该应用程序在IIS网络服务器上运行。为安全起见，我将Web服务器配置为禁止除GET和POST之外的所有http谓词。这是web.config文件：

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <httpProtocol>
            <customHeaders>
                <remove name="X-Powered-By"/>
                <remove name="Vary"/>
                <add name="Vary" value="Accept-Encoding"/>
                <add name="Access-Control-Allow-Origin" value="*"/>
                <add name="X-Frame-Options" value="SAMEORIGIN"/>
                <add name="X-Content-Type-Options" value="nosniff"/>
                <add name="X-XSS-Protection" value="1; mode=block"/>
            </customHeaders>
        </httpProtocol>
        <security>
            <requestFiltering removeServerHeader="true">
                <requestLimits maxAllowedContentLength="30000000" maxUrl="260" maxQueryString="25"/>
                <verbs allowUnlisted="false">
                    <add verb="GET" allowed="true"/>
                    <add verb="POST" allowed="true"/>
                </verbs>
            </requestFiltering>
        </security>
        <httpErrors errorMode="Custom">
            <clear/>
            <error statusCode="500" path="/err/500.html" responseMode="Redirect"/>
            <error statusCode="404" path="/err/404.html" responseMode="Redirect"/>
            <error statusCode="403" path="/err/403.html" responseMode="Redirect"/>
        </httpErrors>
        <rewrite>
            <rules>
                <rule name="Redirect to https" stopProcessing="true">
                    <match url="(.*)"/>
                    <conditions>
                        <add input="{HTTPS}" pattern="^OFF$"/>
                        <add input="{REQUEST_METHOD}" pattern="^get$|^post$"/>
                    </conditions>
                    <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent"/>
                </rule>
            </rules>
        </rewrite>
        <httpCompression>
            <dynamicTypes>
                <add enabled="true" mimeType="text/html"/>
            </dynamicTypes>
            <staticTypes>
                <add enabled="true" mimeType="text/html"/>
            </staticTypes>
        </httpCompression>
    </system.webServer>
    <system.web>
        <httpRuntime enableVersionHeader="false"/>
        <customErrors mode="On">
            <error statusCode="500" redirect="/err/500.html"/>
            <error statusCode="404" redirect="/err/404.html"/>
            <error statusCode="403" redirect="/err/403.html"/>
        </customErrors>
    </system.web>
</configuration>

然而，当我尝试加载主页面时，我从Angular注入的文件中得到406错误。怎么解决？

P.S。这是卷曲响应：

curl -I www.washery.it
HTTP/1.1 302 Redirect
Content-Length: 157
Content-Type: text/html; charset=UTF-8
Location: http://www.washery.it/err/404.html
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15768000
Set-Cookie: ARRAffinity=...;Path=/;Domain=www.washery.it
Date: Tue, 17 Nov 2015 16:46:23 GMT

这是错误（页面www.washery.it/user /＃/ login）

the server responded with a status of 406 (Not Acceptable): https://www.washery.it/user/notifications/notificationEntry.html

Answer 1

删除使用Angular发送的任何标头，例如

 $httpProvider.defaults.headers.common['Accept'] = 'application/json';

似乎IIS无法处理通过Javascript发送的标头，就像其他＆＃34;正常＆＃34; Web服务器（参见Nginx或Apache）。

IIS 406上的AngularJs错误

1 个答案: