首先让我说我已经完成了所有类似的帖子,但没有解决我的问题。我还排除了服务器端没有错,因为我收到了正确的响应标头,至少如Fiddler和Chrome Dev工具中所示。
我正在使用Thinktecture.IdentityModel并使用jquery在客户端进行身份验证,如下所示:
$.ajax({
url: tokenEndpoint,
type: 'GET',
// jsonp is not an option and it does not work anyway with my server setup
dataType: "json", // including this does not help
crossDomain: true, // including this does not help
beforeSend: function (xhr) {
xhr.setRequestHeader('Authorization', 'Basic xxxxx');
},
success: function () {
alert('success!');
},
error: function(xhr, errorType, exception) {
}
});
这是我得到的痕迹:
*预检CORS请求*
OPTIONS http://HOST_DOMAIN/tokenEndPoint HTTP/1.1
Host: HOST_DOMAIN
Connection: keep-alive
Access-Control-Request-Method: GET
Origin: http://ORIGIN_DOMAIN
Access-Control-Request-Headers: accept, authorization
Accept: */*
Referer: http://ORIGIN_DOMAIN/login
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
预检回复
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/8.0
Access-Control-Allow-Origin: http://ORIGIN_DOMAIN
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: accept,authorization
Content-Length: 15
{"status":"ok"}
实际的AJAX请求
GET http://HOST_DOMAIN/tokenEndPoint HTTP/1.1
Host: HOST_DOMAIN
Connection: keep-alive
Accept: */*
Origin: http://ORIGIN_DOMAIN
Authorization: Basic xxxxx
Referer: http://ORIGIN_DOMAIN/login
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
AJAX响应
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 560
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/8.0
X-AspNet-Version: 4.0.30319
Set-Cookie: xxxxx
{
"access_token": "xxxxx",
"expires_in": xxx
}
注意跟踪的最后一行,它来自Fiddler选项卡上的TextView,表示服务器调用成功。我可以确认服务器调用是成功的,因为我调试了服务器端代码并且返回了返回该输出的代码并且没有抛出任何错误。任何想法如何使它工作?
答案 0 :(得分:1)
正如问题标题中的错误消息所述,响应缺少Access-Control-Allow-Origin标头。根据您在问题末尾发布的响应内容,服务器不包括此标头。所以,问题出在您的服务器上。您需要在回复中包含此标题。