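Cannot fetch JSON from another subdomain via CORS: preflight OK 200, but after GET 200 there is an error and the response is empty...
2 subdomains:
sub1 and sub2, each with its own separate Joomla and its own .htaccess.
They are similar; the functionality needed now is to feed the maps with points (cards) from the JSON located on their subdomains.
I have tried various headers in .htaccess and in the fetch method, with the same result.
The preflight looks fine, but the GET that follows always fails, always with the same error:
Access to fetch at 'https://sub2.example.com/kml/sub2points.json' from origin 'https://sub1.example.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
The GET status is 200 and the response is empty...
What am I doing wrong? Any idea what is resetting the response headers on the GET? At first glance, "sec-fetch-site: same-site" in the request headers might be the problem, but I don't know how to change it... I can only change php.ini or .htaccess; I can't see nginx at all... Please help...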
My setup
/sub2/.htaccess
```apache
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "https://sub1.example.com"
Header always set Access-Control-Expose-Headers: "status, server, date, content-type, last-modified, vary, expires, cache-control, x-backend, content-encoding,Content-Length,API-Key"
Header set Access-Control-Allow-Methods "GET, OPTIONS,HEAD,TRACE"
Header set Vary "Access-Control-Request-Headers,Accept-Encoding"
Header set Access-Control-Allow-Headers "X-PINGOTHER, Origin, X-Requested-With, Content-Type, Accept,API-Key,If-Modified-Since,Cache-Control"
Header set Access-Control-Max-Age 86400
</IfModule>
```
/sub1/.htaccess
```apache
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin: https://sub2.example.com
Header set Access-Control-Allow-Methods "GET, OPTIONS"
Header set Access-Control-Allow-Headers "X-Requested-With, Content-Type, Accept"
Header set Referrer-Policy "origin-when-cross-origin"
</IfModule>
```
```javascript
fetch(url, {
  mode: "cors",
  headers: {
    Accept: "application/json",
    "Content-Type": "application/json"
  },
  "Sec-Fetch-Site": "cross-site",
  Origin: thisSubOrigin, // https://sub1.example.com
  method: "GET"
})
  .then(resp => resp.json())
  .catch(error => {
    console.log(error);
  });
```
Case: a page on sub1 tries to fetch https://sub2.example.com/kml/sub2points.json
1. Preflight (info from devtools)
```shell
curl 'https://sub2.example.com/kml/sub2points.json' -X OPTIONS -H 'authority: sub2.example.com' -H 'pragma: no-cache' -H 'cache-control: no-cache' -H 'access-control-request-method: GET' -H 'origin: https://sub1.example.com' -H 'user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36' -H 'access-control-request-headers: content-type' -H 'accept: */*' -H 'sec-fetch-site: same-site' -H 'sec-fetch-mode: cors' -H 'referer: https://sub1.example.com/' -H 'accept-encoding: gzip, deflate, br' -H 'accept-language: en-GB,en-US;q=0.9,en;q=0.8' --compressed
```
```javascript
fetch("https://sub2.example.com/kml/sub2points.json", {"credentials":"omit","headers":{"accept":"*/*","accept-language":"en-GB,en-US;q=0.9,en;q=0.8","cache-control":"no-cache","pragma":"no-cache","sec-fetch-mode":"cors","sec-fetch-site":"same-site"},"referrer":"https://sub1.example.com/","referrerPolicy":"origin-when-cross-origin","body":null,"method":"OPTIONS","mode":"cors"});
```
General
Request URL: https://sub2.example.com/kml/sub2points.json
Request Method: OPTIONS
Status Code: 200
Remote Address: 55.240.253.107:443
Referrer Policy: origin-when-cross-origin
Response headers
- access-control-allow-headers: X-PINGOTHER, Origin, X-Requested-With, Content-Type, Accept,API-Key,If-Modified-Since,Cache-Control
- access-control-allow-methods: GET, OPTIONS,HEAD,TRACE
- access-control-allow-origin: https://sub1.example.com
- access-control-expose-headers: status, server, date, content-type, last-modified, vary, expires, cache-control, x-backend, content-encoding,Content-Length,API-Key
- access-control-max-age: 86400
- allow: OPTIONS,GET,HEAD,POST,TRACE
- content-length: 0
- content-type: application/json
- date: Tue, 03 Dec 2019 14:12:07 GMT
- server: nginx
- status: 200
- vary: Access-Control-Request-Headers,Accept-Encoding
- x-accel-version: 0.01
- x-backend: 55.240.253.145:80
Request headers
- :authority: sub2.example.com
- :method: OPTIONS
- :path: /kml/sub2points.json
- :scheme: https
- accept: */*
- accept-encoding: gzip, deflate, br
- accept-language: en-GB,en-US;q=0.9,en;q=0.8
- access-control-request-headers: content-type
- access-control-request-method: GET
- cache-control: no-cache
- origin: https://sub1.example.com
- pragma: no-cache
- referer: https://sub1.example.com/
- sec-fetch-mode: cors
- sec-fetch-site: same-site
- user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
2. GET (info from devtools)
```shell
curl 'https://sub2.example.com/kml/sub2points.json' -H 'authority: sub2.example.com' -H 'pragma: no-cache' -H 'cache-control: no-cache' -H 'accept: application/json' -H 'origin: https://sub1.example.com' -H 'user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36' -H 'content-type: application/json' -H 'sec-fetch-site: same-site' -H 'sec-fetch-mode: cors' -H 'referer: https://sub1.example.com/' -H 'accept-encoding: gzip, deflate, br' -H 'accept-language: en-GB,en-US;q=0.9,en;q=0.8' --compressed
```
```javascript
fetch("https://sub2.example.com/kml/sub2points.json", {"credentials":"omit","headers":{"accept":"application/json","accept-language":"en-GB,en-US;q=0.9,en;q=0.8","cache-control":"no-cache","content-type":"application/json","pragma":"no-cache","sec-fetch-mode":"cors","sec-fetch-site":"same-site"},"referrer":"https://sub1.example.com/","referrerPolicy":"origin-when-cross-origin","body":null,"method":"GET","mode":"cors"});
```
General
Request URL: https://sub2.example.com/kml/sub2points.json
Request Method: GET
Status Code: 200
Remote Address: 55.240.253.107:443
Referrer Policy: origin-when-cross-origin
Response headers
- cache-control: max-age=31536000
- content-encoding: gzip
- content-type: application/json
- date: Tue, 03 Dec 2019 14:12:07 GMT
- expires: Wed, 02 Dec 2020 14:12:07 GMT
- last-modified: Wed, 09 Oct 2019 11:57:35 GMT
- server: nginx
- status: 200
- vary: Accept-Encoding
- x-backend: 55.240.253.145:80
Request headers
- :authority: sub2.example.com
- :method: GET
- :path: /kml/sub2points.json
- :scheme: https
- accept: application/json
- accept-encoding: gzip, deflate, br
- accept-language: en-GB,en-US;q=0.9,en;q=0.8
- cache-control: no-cache
- content-type: application/json
- origin: https://sub1.example.com
- pragma: no-cache
- referer: https://sub1.example.com/
- sec-fetch-mode: cors
- sec-fetch-site: same-site
- user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
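
The two devtools captures above can be compared mechanically. The following is an added example, not part of the original post: it applies a simplified version of the browser's CORS checks to the response headers shown for the OPTIONS and the GET request. The function names are illustrative assumptions; the header values are copied from the captures.

```javascript
// Added example: simplified browser CORS checks, run over the response
// headers captured in the post (values copied from the devtools dumps).
const ORIGIN = "https://sub1.example.com";

const preflightResponse = {
  "access-control-allow-origin": "https://sub1.example.com",
  "access-control-allow-methods": "GET, OPTIONS,HEAD,TRACE",
  "access-control-allow-headers": "X-PINGOTHER, Origin, X-Requested-With, Content-Type, Accept,API-Key,If-Modified-Since,Cache-Control",
};
const getResponse = {
  "cache-control": "max-age=31536000",
  "content-encoding": "gzip",
  "content-type": "application/json",
  "server": "nginx",
  "vary": "Accept-Encoding",
};

const tokens = (v) => (v || "").split(",").map((s) => s.trim().toLowerCase()).filter(Boolean);

// Every CORS response, preflight or actual, must name the origin (or "*"
// when the request carries no credentials, as here: credentials "omit").
function originAllowed(headers, origin) {
  const acao = headers["access-control-allow-origin"];
  if (acao === undefined) return "missing Access-Control-Allow-Origin";
  return acao === "*" || acao === origin ? null : `origin mismatch: ${acao}`;
}

// Preflight: origin check plus method and non-safelisted request headers.
function checkPreflight(headers, origin, method, requestHeaders) {
  const err = originAllowed(headers, origin);
  if (err) return err;
  const m = method.toLowerCase();
  const methods = tokens(headers["access-control-allow-methods"]);
  if (!["get", "head", "post"].includes(m) && !methods.includes(m) && !methods.includes("*"))
    return `method ${method} not allowed`;
  const allowed = tokens(headers["access-control-allow-headers"]);
  const denied = requestHeaders.filter((h) => !allowed.includes(h.toLowerCase()) && !allowed.includes("*"));
  return denied.length ? `headers not allowed: ${denied.join(", ")}` : null;
}

// null means the check passes; a string names the reason for the block.
function diagnose() {
  return {
    preflight: checkPreflight(preflightResponse, ORIGIN, "GET", ["content-type"]),
    get: originAllowed(getResponse, ORIGIN),
  };
}
console.log(diagnose());
```

The preflight passes, while the GET response carries no Access-Control-Allow-Origin header at all, which matches the browser's error: the headers configured in .htaccess appear on the OPTIONS response only, and the header has to be present on the GET response itself.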