使用barryvdh / laravel-cors的Laravel angularJS CORS无法在IIS上运行

时间:2015-08-27 12:14:53

标签: angularjs laravel-5 cors iis-8.5

我对IIS上托管的API的跨域请求有问题。

我正在使用angularjs应用程序从API获取数据,这是使用laravel 5使用tymondesigns / jwt-auth和barryvdh / laravel-cors包为JWT和CORS开发的。

当API托管在apache angularjs应用程序获取数据时。但是当在IIS上托管时,它会出现以下错误:

XMLHttpRequest cannot load http://example.com/api/authenticate. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost' is therefore not allowed access.

预检请求响应标题:

Request URL:http://example.com/api/authenticate
Request Method:OPTIONS
Status Code:200 OK
Allow:OPTIONS, TRACE, GET, HEAD, POST
Content-Length:0
Public:OPTIONS, TRACE, GET, HEAD, POST
Server:Microsoft-IIS/8.5
X-Powered-By:ASP.NET

我的第一个问题是为何在IIS上托管时未设置“Access-Control-Allow-Origin”。是否有任何特殊设置可以在IIS上启用CORS。

然后我将以下行添加到web.config文件中:

<httpProtocol>
    <customHeaders>
        <remove name="Access-Control-Allow-Origin" />   
        <add name="Access-Control-Allow-Origin" value="*" />
        <remove name="Access-Control-Allow-Headers" />
       <add name="Access-Control-Allow-Headers" value="Origin, Content-Type, Authorization, Accept, X-Request-With" />
   </customHeaders>
</httpProtocol>

现在它出现以下错误:

XMLHttpRequest cannot load http://example.com/api/authenticate. The 'Access-Control-Allow-Origin' header contains multiple values 'http://localhost, *', but only one is allowed. Origin 'http://localhost' is therefore not allowed access.

预检请求响应标题:

Request Method:OPTIONS
Status Code:200 OK
Access-Control-Allow-Headers:Origin, Content-Type, Authorization, Accept, X-Request-With
Access-Control-Allow-Origin:*
Allow:OPTIONS, TRACE, GET, HEAD, POST
Public:OPTIONS, TRACE, GET, HEAD, POST
Server:Microsoft-IIS/8.5
X-Powered-By:ASP.NET

实际的请求响应标头:

Request Method:POST
Status Code:200 OK
Access-Control-Allow-Headers:Origin, Content-Type, Authorization, Accept, X-Request-With
Access-Control-Allow-Origin:http://localhost
Access-Control-Allow-Origin:*
Content-Type:application/json
Server:Microsoft-IIS/8.5
Set-Cookie:XSRF-TOKEN=eyJpdiI6IkpwNnU2mTnc9PSIsInam9jTFpxb0ptak1IMmFsQ3ZZhbMTM5ZTMzMjgyZWIyNCJ9; expires=Thu, 27-Aug-2015 12:52:55 GMT; Max-Age=7200; path=/; httponly
Vary:Origin
X-Powered-By:ASP.NET
X-Powered-By:PHP/5.6.0

那么为什么“Access-Control-Allow-Origin”正在重复“实际请求响应头。

将“Access-Control-Allow-Origin”添加到web.config文件是否安全。

1 个答案:

答案 0 :(得分:0)

此问题的正确解决方案是:

  • 在IIS中安装CORS模块和
  • 在web.config文件中配置CORS

IIS CORS module Configuration Reference

相关问题
最新问题