我使用zapworks studio开发AR体验。它使用Z.ajax进行ajax调用。我发出GET请求和POST请求。我还使用smileupps来托管couchdb(他们有免费托管)。这是CORS配置:
凭据:false;标题:接受,授权,内容类型,来源; 方法:GET,POST,PUT,DELETE,OPTIONS,HEAD;起源:*
在Windows上启动ZapWorks Studio时,一切正常。但是,当用Android设备扫描zapcode时,post ajax调用失败。只有帖子。我正在使用basic authentication。我强制说只有管理员可以在couchdb上管理数据库。我可以通过网络浏览器从桌面和手机访问主机,手动完成所有操作。
我尽我所能来解决问题:删除身份验证,更改CORS配置......无效。我认为这是CORS的一个问题,但是一切正常,在Windows和移动设备上只是POST失败了...我的状态代码为0。
编辑 - 新信息,apitester上的测试也适用于桌面和移动设备。
编辑 - Here's the zpp以显示逻辑
编辑 - 在我的手机上尝试使用REST Api Client,它也可以正常使用。这只能是一个CORS问题或zapworks的问题。很奇怪,它适用于Windows,但不适用于手机。
编辑 - 我发现了问题所在,但没有找到解决方法。所以我设置了一个代理来调试this tutorial之后zapworks studio发出的请求。似乎它做了preflight request但得到了回复
" HTTP / 1.1 405方法不允许"
即使有效载荷是
{"错误":" method_not_allowed","原因":"仅删除,获取,头,POST 允许"}
以下是请求:
OPTIONS /ranking HTTP/1.1
Host: somehost.com
Connection: keep-alive
Access-Control-Request-Method: POST
Origin: null
User-Agent: Mozilla/5.0 (Linux; Android 8.0.0; SM-G950U1 Build/R16NW; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/67.0.3396.87 Mobile Safari/537.36
Access-Control-Request-Headers: authorization,content-type,x-requested-with
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US
X-Requested-With: com.zappar.Zappar
和回复:
HTTP/1.1 405 Method Not Allowed
Server: CouchDB/1.6.0 (Erlang OTP/R15B01)
Date: Mon, 18 Jun 2018 21:22:12 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 76
Cache-Control: must-revalidate
Allow: DELETE,GET,HEAD,POST
Access-Control-Expose-Headers: Cache-Control, Content-Type, Server
Access-Control-Allow-Origin: null
Connection: keep-alive
{"error":"method_not_allowed","reason":"Only DELETE,GET,HEAD,POST allowed"}
清楚地表明允许POST ...
在Windows方面,由于某种原因,似乎没有预检请求,我的猜测是它的工作原理。现在问题是如何在couchdb上配置CORS以在android上工作。这些是可用的配置:
enable_cors: true
credentials: false
headers:Accept, Authorization, Content-Type, Origin
methods:GET,POST,PUT,DELETE,OPTIONS,HEAD
origins:*
这是代码:
const Open_SansRegular_ttf0 = symbol.nodes.Open_SansRegular_ttf0;
parent.on("ready", () => {
const Plane0 = symbol.nodes.Plane0;
let ajaxParameters : Z.Ajax.Parameters = {
url: "https://something.smileupps.com/test/_all_docs?include_docs=true",
headers: {"Authorization": "Basic my64encoding"},
method: "GET",
timeout: 3000
};
// Perform the AJAX request
Z.ajax(ajaxParameters, (statusCode, data, request) => {checkRequest(statusCode, data);});
ajaxParameters = {
url: "https://something.smileupps.com/test",
headers: {"Content-Type":"application/json", "Authorization": "Basic my64encoding"},
method: "POST",
body: '{"name" : "asdasd", "something": 234}',
timeout: 3000
};
Z.ajax(ajaxParameters, (statusCode, data, request) => {checkRequest(statusCode, data);});
});
function checkRequest(statusCode, data) {
if (statusCode === 0) {
Open_SansRegular_ttf0.text("Unable to connect - check network connection.");
console.log("Unable to connect - check network connection.");
return;
}
if (statusCode < 200 || statusCode >= 300) {
Open_SansRegular_ttf0.text("HTTP request failed: " + statusCode);
console.log("HTTP request failed: " + statusCode);
return;
}
// Attempt to parse the data returned from the AJAX request as JSON
let parsedData;
try {
// https://developer.mozilla.org/en/docs/Web/JavaScript/Reference/Global_Objects/JSON/parse
parsedData = JSON.parse(data);
} catch (e) {
Open_SansRegular_ttf0.text("Unable to parse JSON: " + e);
console.log("Unable to parse JSON: " + e);
return;
}
return parsedData;
}
EDIT 这是Windows上的请求
Accept:*/*
Accept-Encoding:gzip, deflate
Accept-Language:en-US
Authorization:Basic mybase64encoding
Connection:keep-alive
Content-Length:37
Content-Type:application/json
Host:http://something.smileupps.com/test
Origin:file://
User-Agent:Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) ZapWorksStudio/4.0.4-stable Chrome/58.0.3029.110 Electron/1.7.9 Safari/537.36
X-DevTools-Request-Id:3680.9
X-Requested-With:XMLHttpRequest
和回复:
Access-Control-Allow-Origin:file://
Access-Control-Expose-Headers:Cache-Control, Content-Type, ETag, Server
Cache-Control:must-revalidate
Content-Length:95
Content-Type:text/plain; charset=utf-8
Date:Mon, 18 Jun 2018 21:36:22 GMT
ETag:"1-512f89feb3d0a88781119e772ec6fd7b"
Location:http://something.smileupps.com/test
Server:CouchDB/1.6.0 (Erlang OTP/R15B01)
没有预检。
答案 0 :(得分:0)
您的问题出在请求中:Origin: null
通常是使用file:
而不是http
或{{1}打开包含xhr请求的网页时得到的结果} 协议。这样的来源将不会成功发送任何CORS请求。