javascript Chrome 跨域 PATCH 请求不起作用
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/17468774/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Chrome Cross-Domain PATCH request not working
提问by hynner
I have a website with REST Api and now I′m creating a browser extension, which will collect data from some pages and send them back to the REST Api. Because I want my extension to be compatible with both firefox and chrome, and to be easily maintainable, I′m injecting the actual code into page as a script tag, which is then executed like normal javascript. I′m currently working only on chrome version of the extension and I′ve run into a problem:
我有一个带有 REST Api 的网站,现在我正在创建一个浏览器扩展程序,它将从某些页面收集数据并将它们发送回 REST Api。因为我希望我的扩展程序兼容 firefox 和 chrome,并且易于维护,所以我将实际代码作为脚本标记注入页面,然后像普通的 javascript 一样执行。我目前只在扩展的 chrome 版本上工作,我遇到了一个问题:
When I′m trying to send my data to the api (PATCH request), chrome won′t let me saying:
当我尝试将数据发送到 api(PATCH 请求)时,chrome 不会让我说:
XMLHttpRequest cannot load http://my.rest/api. Origin http://website.comis not allowed by Access-Control-Allow-Origin.
XMLHttpRequest 无法加载http://my.rest/api。Access-Control-Allow-Origin 不允许Origin http://website.com。
I have the Access-Control-Allow-Headers, Methods and Origin all set to proper values, but it still doesn′t work. It works with GET requests though. I′ve also tried POST and PUT request but those don′t work either.
我将 Access-Control-Allow-Headers、Methods 和 Origin 都设置为正确的值,但它仍然不起作用。不过,它适用于 GET 请求。我也尝试过 POST 和 PUT 请求,但它们也不起作用。
Here are my headers:
这是我的标题:
Request:
要求:
OPTIONS /some/api/path HTTP/1.1
Host: my.rest
Connection: keep-alive
Access-Control-Request-Method: PATCH
Origin: http://website.com
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36
X-FireLogger: 1.1
Access-Control-Request-Headers: accept, x-http-auth-user, x-http-auth-token, origin, content-type
Accept: */*
Referer: http://website.com/index.php
Accept-Encoding: gzip,deflate,sdch
Accept-Language: cs-CZ,cs;q=0.8
Response:
回复:
Access-Control-Allow-Headers:accept, x-http-auth-user, x-http-auth-token, origin, content-type
Access-Control-Allow-Methods:PATCH
Access-Control-Allow-Origin:*
Connection:Keep-Alive
Content-Type:text/html; charset=utf-8
Date:Thu, 04 Jul 2013 10:50:08 GMT
Keep-Alive:timeout=5, max=100
Server:Apache/2.4.2 (Win64) PHP/5.4.3
X-Frame-Options:SAMEORIGIN
X-Powered-By:Nette Framework
I′ve also tried setting Access-Control-Allow-Origin to exactly same value as Origin header, but it didn′t work. Furthemore it seems to be working in Firefox. I have Chrome 27, which should be up-to-date.
我也尝试将 Access-Control-Allow-Origin 设置为与 Origin 标头完全相同的值,但它不起作用。此外,它似乎在 Firefox 中工作。我有 Chrome 27,它应该是最新的。
回答by Shashank Shukla
you should allow OPTIONS in your response header..
你应该在你的响应头中允许 OPTIONS ..
"Access-Control-Allow-Methods ", "GET, POST,HEAD, OPTIONS,PUT, DELETE"
“访问控制允许方法”、“GET、POST、HEAD、OPTIONS、PUT、DELETE”
回答by imekinox
I face a similar problem in node.jswith CORS
我在node.jsCORS 中遇到了类似的问题
You need to set the Access-Control-Allow-Originto the specific domain not a wildcard.
您需要将 设置Access-Control-Allow-Origin为特定域而不是通配符。
Example: Access-Control-Allow-Originto http://website.com
示例:Access-Control-Allow-Origin到http://website.com
(You can have on your server an array of origins allowed and check against the request if it is allowed then answer with that one instead of wildcards.)
(您可以在您的服务器上设置一组允许的源,并检查请求是否允许,然后用那个而不是通配符回答。)
Also, you can set the Access-Control-Allow-Methodsheaders to a list of options like:
此外,您可以将Access-Control-Allow-Methods标题设置为选项列表,例如:
POST, GET, OPTIONS, DELETE, PUT
回答by Bhalchandra K
I tried the CORS on Chrome 27.0.1453.116 and it worked for me. From the client side all i did is in jquery AJAX set the 'crossDomain' to true.
我在 Chrome 27.0.1453.116 上尝试了 CORS,它对我有用。从客户端,我所做的只是在 jquery AJAX 中将“ crossDomain”设置为true。
$.ajax('http://localhost/Elements.Services/Elements.svc/REST/Element/Get?ID=1', {
type: 'GET',
crossDomain: true,
success: function (data) {
alert(data);
}
});
While on REST service side for each request set the following response headers:
在 REST 服务端为每个请求设置以下响应标头:
("Access-Control-Allow-Headers", "Accept") or ("Access-Control-Allow-Headers", HTTPRequest.RequestedHeaders + "Accept")
("Access-Control-Allow-Methods", "POST,PUT,GET")
- ("Access-Control-Allow-Origin", "*")
("Access-Control-Allow-Headers", "Accept") 或 ("Access-Control-Allow-Headers", HTTPRequest.RequestedHeaders + "Accept")
(“访问控制允许方法”,“POST,PUT,GET”)
- (“访问控制允许来源”,“*”)
Hereis Great article on CORS working, which really helped me.
这是关于 CORS 工作的好文章,对我很有帮助。
回答by Wes
In your WebApi:
在您的 WebApi 中:
Addthe Microsoft.AspNet.WebApi.CorsNuGet package to the project
将Microsoft.AspNet.WebApi.CorsNuGet 包添加到项目中
Make sure you also register CORS supporteither Globally, at the Controller, or at the Action.
确保您还在全局、控制器或操作处注册了 CORS 支持。
Global -In your WebApiConfig.csfile from App_Startfolder add:
全球-在您的WebApiConfig.cs从文件App_Start文件夹添加:
public static void Register(HttpConfiguration config)
{
public static void Register(HttpConfiguration config)
{
// New code:
var cors = new EnableCorsAttribute(
origins: "*",
headers: "*",
methods: "*");
config.EnableCors(cors);
// New code:
var cors = new EnableCorsAttribute(
origins: "*",
headers: "*",
methods: "*");
config.EnableCors(cors);
// Other configurations
// Other configurations
}
}
Controlleror Action -If desired/required to place support at these levels (this will overwrite global settings- Action > Controller > Config). Above Controller or Action signature:
控制器或操作 -如果需要/需要在这些级别放置支持(这将覆盖全局设置- 操作 > 控制器 > 配置)。上面的控制器或动作签名:
[EnableCors(origins: "http://localhost:[*port #*]", headers: "*", methods: "*")]
[EnableCors(origins: "http://localhost:[*port #*]", headers: "*", methods: "*")]
Note:* are "wildcards", might want to put the domain making the request ex:(http://localhost:[port #])
注:*表示“通配符”,可能想要把域发出请求例如:(HTTP://本地主机:端口号])
Something that is very easy to miss/forget...
很容易错过/忘记的东西......
IN solution explorer, right-click api-project. In properties window set 'Anonymous Authentication' to Enabled !!!
在解决方案资源管理器中,右键单击 api-project。在属性窗口中将“匿名身份验证”设置为已启用!!!
回答by Cengkuru Michael
why not just use PUTinstead of PATCHand your request type. They pretty much do the same thing
为什么不直接使用PUT代替PATCH和您的请求类型。他们几乎做同样的事情
