问题描述
我在我的 apache 服务器配置中添加了 CORS 支持标头,并且像“Access-Control-Allow-Origin”这样的标头对于正常的 JS/CSS 请求来说是正常的。
对于 XMLHttpRequest 调用,预检(我有几个自定义标头)请求显示为成功,但随后的实际调用失败,指出标头中不存在“Access-Control-Allow-Origin”。关于可能出什么问题的任何建议?
注意:该 URL 是受 SSO 保护的 URL,并且在 apache 层中也配置了一些重定向。
例如。 JS/CSS 请求的响应头
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type,X-Requested-With,Accept,Authorization,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,X-Auth-Token,X-PINGOTHER,Content-Language,Accept-Language
Access-Control-Allow-Methods: GET,POST,PATCH,PUT,DELETE,OPTIONS
Access-Control-Allow-Origin: https://example.com
Access-Control-Expose-Headers: Authorization,*
Access-Control-Max-Age: 3600
Connection: Keep-Alive
content-encoding: gzip
Content-Length: 2168
Content-Type: application/javascript
Date: Thu,22 Jul 2021 05:15:37 GMT
Keep-Alive: timeout=5,max=96
Last-Modified: Thu,10 Dec 2020 09:13:16 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Content-Type-Options: nosniff
x-frame-options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-XSS-Protection: 1; mode=block
实际请求错误:
Access to XMLHttpRequest at 'https://example.net/getData' from origin 'https://example.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Apache 配置:
Header add Access-Control-Allow-Methods "GET,OPTIONS"
Header add Access-Control-Allow-Headers "Content-Type,Accept-Language"
Header add Access-Control-Allow-Headers "Content-Type,Accept-Language,Access-Control-Allow-Origin"
Header add Access-Control-Max-Age "3600"
Header add Access-Control-Allow-Credentials "true"
Header add Access-Control-Expose-Headers "Authorization,*"
SetEnvIf Referer "^(.*)example.com(.*)$"
hosta=$1example.com
Header add Access-Control-Allow-Origin %{hosta}e env=hosta
解决方法
暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!
如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。
小编邮箱:dio#foxmail.com (将#修改为@)