xhrFields withCredentials:true does not send cookies

Time: 2017-11-07 19:19:02

Tags: asp.net ajax cookies asp.net-ajax

I have a .NET MVC UI that communicates with a Web API via ajax.

$.ajax({
    type: 'GET',
    url: apiUrl,
    xhrFields: {
        withCredentials: true
    }
});

On the Web API I have the following custom headers:

<system.webServer>
    <httpProtocol>
      <customHeaders>
        <add name="Access-Control-Allow-Origin" value = "origin"/>
        <add name="Access-Control-Allow-Credentials" value = "true"/>
        <add name="Access-Control-Allow-Headers" value = "X-Requested-With, X-Prototype-Version, Content-Type, Cache-Control, Pragma, Origin" />
        <add name="Access-Control-Allow-Methods" value = "GET, PUT, POST, DELETE" />
        <add name="Access-Control-Expose-Headers" value="origin"/>
      </customHeaders>
    </httpProtocol>
</system.webServer>

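It works on localhost, where all cookies and credentials are sent, but it does not work on the server: the cookies are not sent in the request headers. Do I have to configure anything in IIS?

Request headers on the server: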

GET /Midia/avatar/usuario HTTP/1.1
Host: *link
Connection: keep-alive
Accept: */*
Origin: origin
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Referer: *link*
Accept-Encoding: gzip, deflate
Accept-Language: pt-BR,pt;q=0.8,en-US;q=0.6,en;q=0.4

Response headers on the server:

HTTP/1.1 400 Bad Request
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, X-Prototype-Version, Content-Type, Cache-Control, Pragma, Origin
Access-Control-Allow-Methods: GET, PUT, POST, DELETE
Access-Control-Allow-Origin: origin
Access-Control-Expose-Headers: origin
Date: Wed, 08 Nov 2017 12:03:51 GMT
Content-Length: 0

The response is 400 because the Web API answers 400 when it does not receive the cookie.

Request headers on localhost:

GET /midia/avatar/usuario/ HTTP/1.1
Host: localhost:53819
Connection: keep-alive
Accept: */*
Origin: http://localhost:64853
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Referer: *link*
Accept-Encoding: gzip, deflate, br
Accept-Language: pt-BR,pt;q=0.8,en-US;q=0.6,en;q=0.4
Cookie: __RequestVerificationToken_L0F1dGVudGljYWNhbw2=DtCsXQUKw6eR3KbEcKQYg1X7iiCAvhaa24NtmGkE-r-JhYFNp0R8Zza1tzURfpO5FBQdTlcj7CeQCcLk93Zsg7iw89I1; ASP.NET_SessionId=ulvf0uszdeddlsfs5vapggef; AuthToken=52c4b98b-a75f-4fef-83ec-83bdb786bff6

0 answers:

No answers
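
As an added example (not part of the original question), the sketch below models two separate browser checks behind a credentialed cross-origin request like the one above: whether a stored cookie is attached to the request at all (RFC 6265 domain matching, which ignores the port), and whether the CORS response headers let the script read the response. The hosts `ui.example.test` and `api.example.test`, the function names and the cookie jars are constructed for illustration; Path, Secure and SameSite handling is left out.

```javascript
// Constructed cookie jars; hostOnly means the cookie was set without a Domain attribute.
const LOCAL_JAR = [{ name: 'AuthToken', domain: 'localhost', hostOnly: true }];
const DEPLOYED_JAR = [
  { name: 'AuthToken', domain: 'ui.example.test', hostOnly: true },   // hypothetical UI host
  { name: 'Shared', domain: 'example.test', hostOnly: false },        // Domain=example.test
];

// RFC 6265 domain-match: is a cookie stored for cookieDomain sent to requestHost?
function cookieMatchesHost(requestHost, cookieDomain, hostOnly) {
  const host = requestHost.toLowerCase();
  const domain = cookieDomain.toLowerCase().replace(/^\./, '');
  if (host === domain) return true;
  if (hostOnly) return false;
  // Suffix match only on a label boundary, and never for IP literals.
  const isIp = /^[\d.]+$/.test(host) || host.includes(':');
  return !isIp && host.endsWith('.' + domain);
}

// Names of the cookies a browser would attach to a credentialed request to apiUrl.
// withCredentials allows these to be sent; it does not widen any cookie's scope.
function cookiesSentTo(apiUrl, jar) {
  const host = new URL(apiUrl).hostname; // the port plays no part in cookie scope
  return jar.filter(c => cookieMatchesHost(host, c.domain, c.hostOnly)).map(c => c.name);
}

// Problems that stop a script from reading the response to a credentialed CORS request.
function corsCredentialProblems(origin, headers) {
  const problems = [];
  const allowOrigin = headers['access-control-allow-origin'];
  if (allowOrigin === '*') {
    problems.push('Access-Control-Allow-Origin: * is rejected for credentialed requests');
  } else if (allowOrigin !== origin) {
    problems.push('Access-Control-Allow-Origin must equal the request Origin');
  }
  if (headers['access-control-allow-credentials'] !== 'true') {
    problems.push('Access-Control-Allow-Credentials must be exactly "true"');
  }
  return problems;
}

console.log(cookiesSentTo('http://localhost:53819/midia/avatar/usuario/', LOCAL_JAR));
console.log(cookiesSentTo('https://api.example.test/Midia/avatar/usuario', DEPLOYED_JAR));
console.log(corsCredentialProblems('http://localhost:64853', {
  'access-control-allow-origin': '*', 'access-control-allow-credentials': 'true' }));
```

On localhost the UI and API differ only by port, so a host-only cookie reaches both; on separate hosts it reaches the API only if it was set with a shared parent `Domain`.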