我试图在我的IIS 7.5网络服务器上运行CORS。我在web.config中添加了以下行:
<httpProtocol>
<customHeaders>
<remove name="Access-Control-Allow-Origin" />
<remove name="Access-Control-Allow-Headers" />
<remove name="Access-Control-Allow-Methods" />
<add name="Access-Control-Allow-Headers" value="Content-Type,Authorization" />
<add name="Access-Control-Allow-Credentials" value="true" />
<add name="Access-Control-Allow-Origin" value="http://srv2008:85" />
<add name="Access-Control-Allow-Methods" value="POST,GET,OPTIONS" />
</customHeaders>
</httpProtocol>
检查响应标头时,只有FireFox(36.0)似乎选择了正确的标题:
在FF中:
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type,Authorization
Access-Control-Allow-Methods: POST,GET,OPTIONS
access-control-allow-origin: http://srv2008:85
Chrome中的:
Access-Control-Allow-Headers:Content-Type
Access-Control-Allow-Methods:POST,GET,OPTIONS
Access-Control-Allow-Origin:*
在IE11中:
Access-Control-Allow-Origin *
Access-Control-Allow-Headers Content-Type
Access-Control-Allow-Methods POST,GET,OPTIONS
为什么这三个Reponse Headers对于所有三个浏览器在Web服务器上请求完全相同的页面时都不一样? Chrome和IE如何忽略我的自定义标题?
答案 0 :(得分:0)
自己找到答案。似乎还有另一个设置有冲突的web.config。奇怪的是,不同的浏览器对不同的web.config文件做出反应......