CORS适用于chrome但不适用于firefox,angularjs

时间:2014-09-24 16:11:23

标签: javascript angularjs google-chrome firefox cors

我正在尝试将angularJS与Jetty后端一起使用。

预检CORS请求在chrome中正常工作但在firefox中我收到此CORS错误: 跨源请求已阻止:同源策略禁止在http://remote.machine:8080/api/v1/provisioning/users/current-user读取远程资源。这可以通过将资源移动到同一域或启用CORS来解决。

选项请求的标题如下:

HTTP/1.1 200 OK
Date: Wed, 24 Sep 2014 16:06:12 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-Frame-Options: DENY
Access-Control-Allow-Methods: GET, PUT, POST, OPTIONS, DELETE
Access-Control-Max-Age: 3600
Access-Control-Allow-Headers: Access-Control-Allow-Headers: Origin, Authorization, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Credentials: true
Set-Cookie: JSESSIONID=eyv8cpnnfphy1b0121uzt293y;Path=/
Content-Length: 0
Server: Jetty(9.2.2.v20140723)

角度请求设置如下:

$http.get(AS_API_URL + '/provisioning/users/current-user', {
            headers: {
                'Authorization': 'Basic ' + base64EncodedAuth               
            }
        });

由于某种原因,这些标题在Chrome中运行良好,但在Firefox中运行不正常,是否有人知道为什么?我需要提供更多信息吗?

编辑:

Musa对于Access-Control-Allow-Headers格式错误是正确的。 我编辑了Jetty Server,所以标题现在是:

Access-Control-Allow-Headers: Origin, Authorization, X-Requested-With, Content-Type, Accept

我向你表示感谢穆萨,你刚刚结束了我的一天:)

1 个答案:

答案 0 :(得分:1)

为了扩展 Musa 在评论中的回答,Firefox 正在阻止请求,因为以下标头有两次而不是一次:

Access-Control-Allow-Headers: Access-Control-Allow-Headers: Origin, Authorization, X-Requested-With, Content-Type, Accept

应该改为

Access-Control-Allow-Headers: Origin, Authorization, X-Requested-With, Content-Type, Accept