关于这个话题有很多问题。我尝试了他们的答案/解决方案,但我似乎在这里遗漏了一些东西。
我的后端是.NET Web Api,其web.config文件中包含以下内容:
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Methods" value="GET, POST, PUT, OPTIONS"/>
<add name="Access-Control-Allow-Headers" value="authorization,content-type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,access-control-allow-origin"/>
</customHeaders>
</httpProtocol>
在前端,我正在使用JSON正文内容发出POST请求,如下所示:
$http({
method: 'POST',
url: options.url,
headers: { 'Content-Type': 'application/json', 'Authorization': 'Basic ' + basicAuth },
data: dataObj
});
在Fiddler中,OPTIONS请求如下所示:
OPTIONS http://localhost:44302/my/url HTTP/1.1
Host: localhost:44302
Connection: keep-alive
Access-Control-Request-Method: POST
Origin: http://127.0.0.1:9000
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.107 Safari/537.36
Access-Control-Request-Headers: accept, authorization, content-type
Accept: */*
Referer: http://127.0.0.1:9000/
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8
这就是回应:
HTTP/1.1 400 Bad Request
Cache-Control: private
Content-Type: text/html
Server: Microsoft-IIS/8.0
WWW-Authenticate: Basic realm="MyServices"
X-AspNet-Version: 4.0.30319
X-SourceFiles: =?UTF-8?B?blah blah
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS
Access-Control-Allow-Headers: authorization,content-type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,access-control-allow-origin
Date: Tue, 18 Aug 2015 19:48:46 GMT
Content-Length: 2192
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Request Error</title>
</head>
<body>
<div id="content">
<p class="heading1">Request Error</p>
<p xmlns="">The server encountered an error processing the request. Please see the blah blah,and a useless call stack</p>
</div>
</body>
</html>
服务器响应包括allow-origin:*。它还包括OPTIONS请求中请求的allow-methods和allow-headers。是否有另一个要求服务器积极响应OPTIONS请求?我还缺少什么?