即使在预检OPTIONS成功之后,AJAX CORS webAPI请求也会失败

时间:2014-11-20 20:42:15

标签: asp.net-web-api

我正在尝试制作CORS AJAX" GET"调用托管在测试服务器中的Web API服务。 webAPI URL = http:xxx:xxx:xxx:xxx / api / v1 / jobs

我在WebAPIConfig.cs中有以下代码行



 
var cors = new EnableCorsAttribute("*","*","*");
config.EnableCors(cors);




AJAX请求(来自本地)



 
$.ajax({
      type: "GET",
      datatype: "JSON",
      url: http: xxx: xxx: xxx: xxx / api / v1 / jobs,
      contentType: "application/json";
      charset = utf - 8 ",
            accept: 'application/json',
            beforeSend: BH,            
            success: callback
        }).done(function (data) {
            var str = data.job_id + ': ' + data.job_name;
            $('#responsevalue').text(str);
        }).error(function (jqXHR, textStatus, errorThrown) {
            $('#responsevalue').text(jqXHR.status + "::" + jqXHR.statusText + "::" + jqXHR.responseText );
        });




在Fiddler中,我可以看到发送OPTIONS的飞行前请求以及200的响应。

Fiddler请求标题:



 
OPTIONS http:xxx:xxx:xxx:xxx/api/v1/jobs HTTP/1.1
Host: 50.17.211.226
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://localhost:55346
Access-Control-Request-Method: GET
Access-Control-Request-Headers: requestdateutc,requestverificationtoken
Connection: keep-alive




Fiddler响应标题



 
HTTP/1.1 200 OK
Server: Microsoft-IIS/7.5
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, PUT, DELETE
Access-Control-Allow-Headers: Content-Type, Accept
Access-Control-Max-Age: 1728000
X-Powered-By: ASP.NET
Date: Thu, 20 Nov 2014 14:21:50 GMT
Content-Length: 0




在Firebug中,我可以看到以下细节:

Firebug请求标头:



 
OPTIONS http:xxx.xxx.xxx.xxx/api/v1/jobs HTTP/1.1
Host: xxx.xxx.xxx.xxx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http:localhost:55346
Access-Control-Request-Method: GET
Access-Control-Request-Headers: requestdateutc,requestverificationtoken
Connection: keep-alive




Firebug响应标题:



 
HTTP/1.1 200 OK
Server: Microsoft-IIS/7.5
Access-Control-Allow-Origin: *, *
Access-Control-Allow-Methods: GET, POST, PUT, DELETE
Access-Control-Allow-Headers: Content-Type, Accept, Content-Type
Access-Control-Max-Age: 1728000
X-Powered-By: ASP.NET
Date: Thu, 20 Nov 2014 18:08:36 GMT
Content-Length: 0




我在这里和其他地方阅读了很多文档。它似乎很简单,适合所有人(除了我)。

最后注意事项:我使用位于测试服务器旁边的html页面测试了API,它运行正常。这意味着服务和网页都位于同一个域中。 附加信息:浏览器:Firefox,ASP.NET 4.5,Web API 2.2,VS2013 Express

提前致谢,我们非常感谢任何帮助。

1 个答案:

答案 0 :(得分:0)

在您的回复中,它表示允许的标头为Content-Type, Accept, Content-Type,但您要求requestdateutc,requestverificationtoken。尝试明确允许这些标题。

相关问题
最新问题