.NET Web API + AngularJS:CORS选项请求失败,400 Bad Request

时间:2015-08-18 19:52:31

标签: json angularjs asp.net-web-api cors

关于这个话题有很多问题。我尝试了他们的答案/解决方案,但我似乎在这里遗漏了一些东西。

我的后端是.NET Web Api,其web.config文件中包含以下内容:

<httpProtocol>
  <customHeaders>
    <add name="Access-Control-Allow-Origin" value="*" />
    <add name="Access-Control-Allow-Methods" value="GET, POST, PUT, OPTIONS"/>
    <add name="Access-Control-Allow-Headers" value="authorization,content-type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,access-control-allow-origin"/>
  </customHeaders>
</httpProtocol>

在前端,我正在使用JSON正文内容发出POST请求,如下所示:

$http({
   method: 'POST',
   url: options.url,
   headers: { 'Content-Type': 'application/json', 'Authorization': 'Basic ' + basicAuth },
   data: dataObj
});

在Fiddler中,OPTIONS请求如下所示:

OPTIONS http://localhost:44302/my/url HTTP/1.1
Host: localhost:44302
Connection: keep-alive
Access-Control-Request-Method: POST
Origin: http://127.0.0.1:9000
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.107 Safari/537.36
Access-Control-Request-Headers: accept, authorization, content-type
Accept: */*
Referer: http://127.0.0.1:9000/
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8

这就是回应:

HTTP/1.1 400 Bad Request
Cache-Control: private
Content-Type: text/html
Server: Microsoft-IIS/8.0
WWW-Authenticate: Basic realm="MyServices"
X-AspNet-Version: 4.0.30319
X-SourceFiles: =?UTF-8?B?blah blah
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS
Access-Control-Allow-Headers: authorization,content-type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,access-control-allow-origin
Date: Tue, 18 Aug 2015 19:48:46 GMT
Content-Length: 2192

<?xml version="1.0" encoding="utf-8"?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
      <head>
        <title>Request Error</title>
      </head>
      <body>
        <div id="content">
          <p class="heading1">Request Error</p>
          <p xmlns="">The server encountered an error processing the request. Please see the blah blah,and a useless call stack</p>
        </div>
      </body>
    </html>

服务器响应包括allow-origin:*。它还包括OPTIONS请求中请求的allow-methods和allow-headers。是否有另一个要求服务器积极响应OPTIONS请求?我还缺少什么?

0 个答案:

没有答案