CORS: Origin not found in access-control-allow-origin header (IE11)

Time: 2017-06-23 14:29:46

Tags: java networking cors internet-explorer-11 infrastructure

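I have a web page that performs a POST to another page in a different subdomain (subdomain1.domain.com -> subdomain2.domain.com), and I understand that I need to configure CORS to allow this. I did all the configuration and it works in CHROME, FIREFOX and IE11.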

But there is one exception: only in IE11 ON MY CLIENT NETWORK, the request fails with "Origin not found in access-control-allow-origin header".

I found that it happens because, inside my client network, the request does not return the SECURITY headers. The images below explain it better:

IE11 OUTSIDE MY CLIENT NETWORK (red marks the CORS headers returned from the server)

IE11 INSIDE MY CLIENT NETWORK (no security headers returned from the server)

Java server code, CORS filter (no security headers returned from the server)

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class CorsFilter implements Filter {

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // No initialisation needed
    }

    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain) throws IOException, ServletException {

        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse resp = (HttpServletResponse) servletResponse;

        // Allow one fixed origin, with credentials, on every response
        resp.addHeader("Access-Control-Allow-Origin", "https://intranet2.culturainglesa.net");
        resp.addHeader("Access-Control-Allow-Credentials", "true");
        resp.addHeader("Access-Control-Allow-Methods", "GET,POST");
        resp.addHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");

        // Just ACCEPT and REPLY OK if OPTIONS
        if (request.getMethod().equals("OPTIONS")) {
            resp.setStatus(HttpServletResponse.SC_OK);
            return;
        }

        chain.doFilter(request, servletResponse);
    }

    @Override
    public void destroy() {
        // TODO Auto-generated method stub
    }

}

1 answer:

Answer 0: (score: 1)

The problem was not on the server side or in CORS; it was that IE11 does not send credentials via AJAX in this particular case:

INTERNET ZONE SITE -> INTRANET ZONE SITE

After changing both subdomains to the TRUSTED ZONE, the problem was solved.

This is what helped me solve it:

Access denied in IE 10 and 11 when ajax target is localhost
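
A server-side way to spot the condition the answer describes, as an added example (not code from the question or the answer): a diagnostic variant of the filter that echoes only an allowlisted origin and logs cross-origin requests that arrive without credentials. The class name `CorsDiagnosticFilter` is hypothetical, and treating a missing `Cookie` or `Authorization` header as "no credentials sent" is an assumption about how the application authenticates.

```java
import java.io.IOException;
import java.util.Collections;
import java.util.Set;
import java.util.logging.Logger;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example: hypothetical diagnostic variant of the question's CorsFilter.
public class CorsDiagnosticFilter implements Filter {
    private static final Logger LOG = Logger.getLogger(CorsDiagnosticFilter.class.getName());
    // Origins allowed to send credentialed requests (value taken from the question).
    private static final Set<String> ALLOWED =
            Collections.singleton("https://intranet2.culturainglesa.net");

    @Override public void init(FilterConfig filterConfig) { }
    @Override public void destroy() { }

    // Strip CR/LF so request-controlled values cannot forge log lines.
    private static String clean(String value) {
        return value == null ? "-" : value.replaceAll("[\\r\\n]", "_");
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse resp = (HttpServletResponse) res;
        String origin = request.getHeader("Origin");

        if (origin != null && ALLOWED.contains(origin)) {
            resp.setHeader("Access-Control-Allow-Origin", origin);
            resp.setHeader("Access-Control-Allow-Credentials", "true");
            resp.setHeader("Access-Control-Allow-Methods", "GET,POST");
            resp.setHeader("Access-Control-Allow-Headers",
                    "Origin, X-Requested-With, Content-Type, Accept");
            resp.addHeader("Vary", "Origin"); // response depends on the Origin header
            if ("OPTIONS".equals(request.getMethod())) { // preflights never carry credentials
                resp.setStatus(HttpServletResponse.SC_OK);
                return;
            }
            // Assumption: credentials arrive as a Cookie or Authorization header.
            if (request.getHeader("Cookie") == null && request.getHeader("Authorization") == null) {
                LOG.warning("Cross-origin request without credentials: origin=" + clean(origin)
                        + " ua=" + clean(request.getHeader("User-Agent")));
            }
        } else if (origin != null) {
            LOG.warning("CORS request from origin not on the allowlist: " + clean(origin));
        }
        chain.doFilter(request, resp);
    }
}
```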