我正在尝试将angularJS与Jetty后端一起使用。
预检CORS请求在chrome中正常工作但在firefox中我收到此CORS错误: 跨源请求已阻止:同源策略禁止在http://remote.machine:8080/api/v1/provisioning/users/current-user读取远程资源。这可以通过将资源移动到同一域或启用CORS来解决。
选项请求的标题如下:
HTTP/1.1 200 OK
Date: Wed, 24 Sep 2014 16:06:12 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-Frame-Options: DENY
Access-Control-Allow-Methods: GET, PUT, POST, OPTIONS, DELETE
Access-Control-Max-Age: 3600
Access-Control-Allow-Headers: Access-Control-Allow-Headers: Origin, Authorization, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Credentials: true
Set-Cookie: JSESSIONID=eyv8cpnnfphy1b0121uzt293y;Path=/
Content-Length: 0
Server: Jetty(9.2.2.v20140723)
角度请求设置如下:
$http.get(AS_API_URL + '/provisioning/users/current-user', {
headers: {
'Authorization': 'Basic ' + base64EncodedAuth
}
});
由于某种原因,这些标题在Chrome中运行良好,但在Firefox中运行不正常,是否有人知道为什么?我需要提供更多信息吗?
编辑:
Musa对于Access-Control-Allow-Headers格式错误是正确的。 我编辑了Jetty Server,所以标题现在是:
Access-Control-Allow-Headers: Origin, Authorization, X-Requested-With, Content-Type, Accept
我向你表示感谢穆萨,你刚刚结束了我的一天:)
答案 0 :(得分:1)
为了扩展 Musa 在评论中的回答,Firefox 正在阻止请求,因为以下标头有两次而不是一次:
Access-Control-Allow-Headers: Access-Control-Allow-Headers: Origin, Authorization, X-Requested-With, Content-Type, Accept
应该改为
Access-Control-Allow-Headers: Origin, Authorization, X-Requested-With, Content-Type, Accept