我有一个Spring MVC应用程序,我们在web.xml中添加了CORS过滤器配置:
<!-- CORS filter -->
<filter>
<filter-name>CORS Filter</filter-name>
<filter-class>org.ebaysf.web.cors.CORSFilter</filter-class>
<init-param>
<description>A comma separated list of HTTP verbs, using which a CORS request can be made.</description>
<param-name>cors.allowed.methods</param-name>
<param-value>GET,POST,HEAD,OPTIONS,PUT,DELETE</param-value>
</init-param>
<init-param>
<description>A comma separated list of allowed headers when making a non simple CORS request.</description>
<param-name>cors.allowed.headers</param-name>
<param-value>Accept,Accept-Encoding,Accept-Language,Connection,Host,Origin,Range,Referer,User-Agent,Content-Type,X-CSRFToken,Authorization</param-value>
</init-param>
<init-param>
<description>A comma separated list of headers other than the simple response headers that browsers are allowed to access.</description>
<param-name>cors.exposed.headers</param-name>
<param-value>Content-Range,Content-Type,Server,Transfer-Encoding,Access-Control-Allow-Origin,X-CSRFToken,Authorization</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CORS Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
从Chrome,Firefox,IE / Edge和Safari 10.x中的AngularJS应用程序获取资源时,此配置可正常工作。但是,使用Safari 9.1,我收到以下错误:
XMLHttpRequest cannot load [spring server/resource]. Origin [server serving angularjs app] is not allowed by Access-Control-Allow-Origin.
有关系统架构的更多信息:
Server 1,subdomain1.domain.com
- 提供XLIFF捆绑包,在web.xml中具有CORS配置。
Server 2,subdomain2.domain.com - 使用REST API的Spring应用程序,也为AngularJS应用程序提供服务。 AngularJS尝试从subdomain1.domain.com加载XLIFF包。
这是来自客户端的一个示例调用,用于从Chrome获取捆绑包,这是成功的(首先是OPTIONS,然后是GET):
OPTIONS /App/rest/xliffs?countryCode=us&language=en&name=Bundle HTTP/1.1
Host: subdomain1.pearsonvue.com
Connection: keep-alive
Access-Control-Request-Method: GET
Origin: https://subdomain2.pearsonvue.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36
Access-Control-Request-Headers: authorization
Accept: */*
Referer: https://subdomain2.pearsonvue.com/AngularJSApp/
Accept-Encoding: gzip, deflate, sdch, br
Accept-Language: en-US,en;q=0.8,fr-CA;q=0.6,fr;q=0.4
GET /App/rest/xliffs?countryCode=us&language=en&name=Bundle HTTP/1.1
Host: subdomain1.pearsonvue.com
Connection: keep-alive
Accept: application/json, text/plain, */*
Origin: https://subdomain2.pearsonvue.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36
Authorization: Bearer <token>
Referer: https://subdomain2.pearsonvue.com/AngularJSApp/
Accept-Encoding: gzip, deflate, sdch, br
Accept-Language: en-US,en;q=0.8,fr-CA;q=0.6,fr;q=0.4
而且这里&#39;从Safari 9.1发出的示例调用。 GET失败,OPTIONS成功:
GET https://subdomain1.pearsonvue.com/App/rest/xliffs?countryCode=us&language=en&name=Bundle
Referer https://subdomain2.pearsonvue.com/AngularJSApp/
Authorization Bearer <token>
Accept application/json, text/plain, */*
User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/601.5.17 (KHTML, like Gecko) Version/9.1 Safari/601.5.17
Origin https://subdomain2.pearsonvue.com
OPTIONS https://subdomain1.pearsonvue.com/App/rest/xliffs?countryCode=us&language=en&name=Bundle
Access-Control-Request-Headers accept, origin, authorization
Origin https://subdomain2.pearsonvue.com
User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/601.5.17 (KHTML, like Gecko) Version/9.1 Safari/601.5.17
Referer https://subdomain2.pearsonvue.com/AngularJSApp/
Access-Control-Request-Method GET
我不知道该怎么做。我研究了Safari 9.1和10.x之间的差异,并且找不到为什么我们会看到这种行为上的差异的充分理由。