寻求一些帮助,我已经检查了网上的所有内容,我无法弄清楚为什么它对我不起作用。我正在研究一个非常简单的概念验证,但我认为它应该可以工作,但我怀疑我错过了一些明显的东西而且我只是不够聪明才能看到它。 我已将http更改为hxxp,因为Stack Exchange不会让我发布此问题。
浏览器正在连接到域1.一个页面正在使用MVC。此原始响应带有以下标头。 请注意Set-Cookie行:
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-AspNetMvc-Version: 5.2
X-AspNet-Version: 4.0.30319
Set-Cookie: Original=Chocolate; path=/
X-SourceFiles: =?UTF-8?B?YzpcdXNlcnNcZWNhbXBvc1xkb2N1bWVudHNcdmlzdWFsIHN0dWRpbyAyMDE1XFByb2plY3RzXENvb2tpZVRyYWRlQVxDb29raWVUcmFkZUE=?=
X-Powered-By: ASP.NET
Origin: http://orghost:54605
Date: Tue, 02 May 2017 21:08:19 GMT
Transfer-Encoding: chunked
正在提供的页面只有一个按钮,我有jQuery代码来分派Ajax GET。该脚本如下所示:
$(function () {
$('#btnCORS').click(function () {
$.support.cors = true;
var request = $.ajax({
type: 'GET',
url: 'hxxp://duplihost:54614/Ajax/Ping',
contentType: "application/json",
dataType: 'json',
crossDomain: true,
xhrFields: { withCredentials: true },
success: function (response) {
alert('Success');
},
error: function(xhr, status) {
alert('Error');
}
});
});
});
当我点击按钮时,我注意到Fiddler的流量。首先是预检:
请求
OPTIONS hxxp://duplihost:54614/Ajax/Ping HTTP/1.1
Host: duplihost:54614
Connection: keep-alive
Access-Control-Request-Method: GET
Origin: hxxp://orghost:54605
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36
Access-Control-Request-Headers: content-type
Accept: */*
Referer: hxxp://orghost:54605/
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8
响应
HTTP/1.1 200 OK
Allow: OPTIONS, TRACE, GET, HEAD, POST
Server: Microsoft-IIS/10.0
Public: OPTIONS, TRACE, GET, HEAD, POST
X-SourceFiles: =?UTF-8?B?YzpcdXNlcnNcZWNhbXBvc1xkb2N1bWVudHNcdmlzdWFsIHN0dWRpbyAyMDE1XFByb2plY3RzXENvb2tpZVRyYWRlQlxDb29raWVUcmFkZUJcQWpheFxQaW5n?=
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: hxxp://orghost:54605
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: Content-Type, *
Date: Tue, 02 May 2017 20:59:52 GMT
Content-Length: 0
然后实际通话。 请注意,此处没有“cookie”行。
请求:
GET hxxp://duplihost:54614/Ajax/Ping HTTP/1.1
Host: duplihost:54614
Connection: keep-alive
Accept: application/json, text/javascript, */*; q=0.01
Origin: hxxp://orghost:54605
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36
Content-Type: application/json
Referer: hxxp://orghost:54605/
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8
响应:
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/json; charset=utf-8
Server: Microsoft-IIS/10.0
X-AspNetMvc-Version: 5.2
X-AspNet-Version: 4.0.30319
X-SourceFiles: =?UTF-8?B?YzpcdXNlcnNcZWNhbXBvc1xkb2N1bWVudHNcdmlzdWFsIHN0dWRpbyAyMDE1XFByb2plY3RzXENvb2tpZVRyYWRlQlxDb29raWVUcmFkZUJcQWpheFxQaW5n?=
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: hxxp://orghost:54605
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: Content-Type, *
Date: Tue, 02 May 2017 20:59:54 GMT
Content-Length: 15
我已经在这里工作了好几天了,我在网上找到的所有内容似乎都把我带到了圈子里并且最终验证了我所知道的相同的东西。我知道我确实已经设置了CORS标头。我确信我在ajax调用中使用“withCredentials”。
最终,我希望duplihost的Ajax控制器中的Ping处理程序能够看到有一个名为Original的orghost cookie并且它设置为Chocolate。我非常感谢任何帮助。