我遇到了这个问题,似乎只影响Safari(11.1)。相同的代码可以在Firefox和Chrome上正常运行。 当启用基本HTTP身份验证(在两个站点上)时,我正在尝试进行跨域Ajax请求。 Https也已启用。我在Macbook Pro上使用的是Apache 2.4.29。
设置是在本地计算机上运行两个测试站点foo.com和bar.com。 foo.com向驻留在bar.com上的json文件发出Ajax请求。如前所述,所有通信都是通过我用自签名证书设置的https进行的。
这是我的Apache配置
<VirtualHost *:443>
ServerName foo.com
DocumentRoot "/Users/richardhunter/development/cors-experiment/foo"
ErrorLog "/private/var/log/apache2/foo-error-log"
CustomLog "/private/var/log/apache2/foo-access-log" common
SSLEngine on
SSLCertificateFile "/Users/richardhunter/development/cors-experiment/certificates/foo/foo.crt"
SSLCertificateKeyFile "/Users/richardhunter/development/cors-experiment/certificates/foo/foo.key"
<Directory "/Users/richardhunter/development/cors-experiment/foo">
AuthType Basic
AuthName "Restricted Files"
AuthBasicProvider file
AuthUserFile "/Users/richardhunter/development/cors-passwords"
Require user richard
</Directory>
</VirtualHost>
<VirtualHost *:443>
ServerName bar.com
DocumentRoot "/Users/richardhunter/development/cors-experiment/bar"
ErrorLog "/private/var/log/apache2/bar-error-log"
CustomLog "/private/var/log/apache2/bar-access-log" common
SSLEngine on
SSLCertificateFile "/Users/richardhunter/development/cors-experiment/certificates/bar/bar.crt"
SSLCertificateKeyFile "/Users/richardhunter/development/cors-experiment/certificates/bar/bar.key"
Header set Access-Control-Allow-Origin "https://foo.com"
Header set Access-Control-Allow-Credentials true
<Directory "/Users/richardhunter/development/cors-experiment/bar">
AuthType Basic
AuthName "Restricted Files"
AuthBasicProvider file
AuthUserFile "/Users/richardhunter/development/cors-passwords"
Require user richard
</Directory>
</VirtualHost>
在Safari上,我在控制台中收到此错误:
TypeError: Origin https://foo.com is not allowed by Access-Control-Allow-Origin.
(anonymous function)
如果我关闭服务器上的身份验证,则该呼叫有效。错误日志中没有其他有用的东西了。
我希望可以在实时站点上的Safari上进行这种类型的跨域调用(不使用自签名证书),但是我不知道是这种情况。显然,我很想知道。我还希望我的本地环境尽可能地复制一个实时环境。
我的代码在this Github repo
中