我目前正在与Angular建立一个前端。我正在使用不同域上的ASP.NET后端服务器执行http get请求以进行身份验证。其url是host / WebPortlet / AuthService.aspx
这是web.config标题:
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Methods" value="POST, GET, OPTIONS" />
<add name="Access-Control-Max-Age" value="1000" />
<add name="Access-Control-Allow-Headers" value="x-requested-with, Content-Type, origin, authorization, accept, client-security-token, token" />
</customHeaders>
</httpProtocol>
我使用此代码段发送请求:
return this.config
.getLegacyBaseUrl()
.pipe(map(baseUrl =>
{
var url = `${baseUrl}/WebPortlet/AuthService.aspx`;
console.log(`requesting legacy session from ${url}`);
return this.http.get<LegacyAuthInfo>(url, {headers: { 'token': token}});
}),
flatMap(d => d,
(sourceData, mappedData) => {
console.log(`login info from legacy app: ${JSON.stringify(mappedData)}`);
return mappedData.token;
}));
此请求将以下预检发送到后端:
Host: host
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: de,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
Access-Control-Request-Method: GET
Access-Control-Request-Headers: token
Origin: http://localhost:4200
Connection: keep-alive
得到这个答案:
HTTP/1.1 200 OK
Allow: OPTIONS, TRACE, GET, HEAD, POST, COPY, PROPFIND, LOCK, UNLOCK
Server: Microsoft-IIS/8.5
Public: OPTIONS, TRACE, GET, HEAD, POST, PROPFIND, PROPPATCH, MKCOL, PUT, DELETE, COPY, MOVE, LOCK, UNLOCK
DAV: 1,2,3
MS-Author-Via: DAV
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, OPTIONS
Access-Control-Max-Age: 1000
Access-Control-Allow-Headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token, token
Date: Tue, 05 Jun 2018 10:30:46 GMT
Content-Length: 0
之后是实际的GET请求:
Host: host
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0
Accept: application/json, text/plain, */*
Accept-Language: de,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://localhost:4200/
token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIjoidHggYWRtaW4iLCJuYmYiOjE1MjgxOTE2OTgsImV4cCI6MTUyODE5MjI5OCwiaXNzIjoiS3JhdHplciBBdXRvbWF0aW9uIiwiYXVkIjoiS3JhdHplciBBdXRvbWF0aW9uIn0.KEvgrLy-VVhsJjmjym1Q7E4mgZTEc8tZpkhJrHVNrss
Origin: http://localhost:4200
Connection: keep-alive
服务器以找到的302回答,因为它重定向到包含会话令牌的URL:
HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: host/(S(ccw0ei2nmj2x4pyru4djz3ch))/WebPortlet/AuthService.aspx
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, OPTIONS
Access-Control-Max-Age: 1000
Access-Control-Allow-Headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token, token
Date: Tue, 05 Jun 2018 10:30:46 GMT
Content-Length: 188
现在,在chrome和IE上,接着是另一个预检+ GET到这个新位置,获取我想要的数据。但是,firefox似乎阻止了这个重定向,我得到的是以下错误:
{&#34;头&#34; {&#34; normalizedNames&#34;:{},&#34; lazyUpdate&#34;:空,&#34;头&#34;:{}}, &#34;状态&#34;:0,&#34;状态文本&#34;:&#34;未知 错误&#34;&#34; URL&#34;:空,&#34; OK&#34;:假,&#34;名称&#34;:&#34; HttpErrorResponse&#34;&#34;消息& #34;:&#34;的Http (未知网址)的失败响应:0未知 错误&#34;&#34;错误&#34; {&#34; isTrusted&#34;:真}}
有什么办法可以解决这个问题吗?或者我做错了什么?
干杯!