我试图为ServiceStack V4项目启用CORS。我的插件配置如下:
Plugins.Add(new CorsFeature(allowedHeaders:"Content-Type, Authorization"));
我还使用HTTP basic auth进行身份验证:
Plugins.Add(new AuthFeature(() => new AuthUserSession(),
new IAuthProvider[]
{
new BasicAuthProvider(), //Sign-in with Basic Auth
new CredentialsAuthProvider(), //HTML Form post of UserName/Password credentials
}));
修改
HTTP请求(我使用基本身份验证发送无效凭据)
GET http://localhost:1337/channel/channel1/history HTTP/1.1
User-Agent: Fiddler
Origin: http://google.com
Host: localhost:1337
Authorization: Basic dXNlcjE6aW52YWxpZHBhc3M=
HTTP响应(没有CORS标头)
HTTP/1.1 401 Unauthorized
Cache-Control: private
Content-Type: application/json; charset=utf-8
Server: Microsoft-IIS/8.0
X-AspNet-Version: 4.0.30319
Set-Cookie: ss-id=5JzRkMjA1eCcFhANnsWL; path=/; HttpOnly
Set-Cookie: ss-pid=UM738YinHoIl9hgQBf9o; expires=Sun, 20-May-2035 07:36:00 GMT; path=/; HttpOnly
X-SourceFiles: =?UTF-8?B?RDpcUHJvamVjdHNcV29ya1xPdmFsYXlcT3ZhbGF5XGNoYW5uZWxcY2hhbm5lbDFcaGlzdG9yeQ==?=
X-Powered-By: ASP.NET
Date: Wed, 20 May 2015 07:36:00 GMT
Content-Length: 1454
{<json body with error message goes here>}
一切正常,直到我尝试从客户端发送无效的用户凭据。在这种情况下,CORS头被省略,浏览器无法访问响应消息。 我是否遗漏了一些配置详情?
答案 0 :(得分:1)
我可以使用AppHost中的以下配置解决此问题:
UncaughtExceptionHandlers.Add((req, res, name, exception) =>
{
//this is needed for inclusion of CORS headers in http error responses
//(for example when invalid user credentials passed)
res.ApplyGlobalResponseHeaders();
});