Javascript Internet Explorer 10 忽略 XMLHttpRequest 'xhr.withCredentials = true'
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/12643960/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Internet Explorer 10 is ignoring XMLHttpRequest 'xhr.withCredentials = true'
提问by Rendijs S
I'm currently having an issue with a cross-domain ajax call using IE10 (in IE10 mode, not compatibility).
我目前在使用 IE10 进行跨域 ajax 调用时遇到问题(在 IE10 模式下,不兼容)。
Situation:
I have two domains, http://aand http://b. I have a cookie set for http://b. I am currently on page http://a.
情况:我有两个域,http://a和http://b. 我有一个 cookie 设置http://b。我目前在页面上http://a。
I want to do a CORS request to http://busing XMLHttpRequest (which should work, according to http://blogs.msdn.com/b/ie/archive/2012/02/09/cors-for-xhr-in-ie10.aspx), and include the cookie in the request.
The JS is as follows:
我想做一个http://b使用 XMLHttpRequest的 CORS 请求(根据http://blogs.msdn.com/b/ie/archive/2012/02/09/cors-for-xhr-in-ie10.aspx,它应该可以工作),并在请求中包含 cookie。JS如下:
var xhr = new XMLHttpRequest();
xhr.open('GET', 'http://b', true);
xhr.withCredentials = true;
xhr.send();
This should ensure that the cookie is attached to the request; however, the Fiddler trace shows that no cookie is attached, and I get 401: Access Denied.
这应该确保 cookie 附加到请求中;但是,Fiddler 跟踪显示没有附加 cookie,我得到401: Access Denied.
The server is configured to work with CORS, it includes the Access-Control headers:
服务器配置为使用 CORS,它包含访问控制标头:
Access-Control-Allow-Origin: http://a
Access-Control-Allow-Credentials: true
(this should not make any difference, since there is no OPTIONS preflight request, and the first request IE sends is a GET, and the cookie is not present, thus causing a 401).
(这应该没有任何区别,因为没有 OPTIONS 预检请求,并且 IE 发送的第一个请求是 GET,并且 cookie 不存在,因此导致 401)。
Furthermore, the JS snippet works fine in both Firefox and Opera.
此外,JS 代码段在 Firefox 和 Opera 中都可以正常工作。
回答by Anomie
It's probably the same old IE P3P issue. With IE's default settings, if a cookie is set without a P3P header also present in the response, the cookie is marked as "first-party only". Which means that in a third-party context, such as an iframe or a CORS request, IE will refuse to send the cookie.
这可能是同一个旧的 IE P3P 问题。使用 IE 的默认设置,如果设置的 cookie 没有 P3P 标头也出现在响应中,则 cookie 被标记为“仅限第一方”。这意味着在第三方上下文中,例如 iframe 或 CORS 请求,IE 将拒绝发送 cookie。
To fix it, you need to supply a P3P header when setting the cookies. See http://msdn.microsoft.com/en-us/library/ms537343%28v=vs.85%29.aspxfor details.
要修复它,您需要在设置 cookie 时提供 P3P 标头。有关详细信息,请参阅http://msdn.microsoft.com/en-us/library/ms537343%28v=vs.85%29.aspx。
Update: Link is now dead, but you can see it at the Internet Archive
更新:链接现已失效,但您可以在Internet Archive 中看到它
回答by Andrew M. Andrews III
I had a similar problem, and it turned out that the browser settings were blocking third-party cookies (IE10 > Internet Options > Privacy > Advanced > Third Party Cookies > Accept). To solve the problem, I checked "Override automatic cookie handling", "Accept" (Third-party Cookies) and "Always allow session cookies."
我遇到了类似的问题,结果发现浏览器设置阻止了第三方 cookie(IE10 > Internet 选项 > 隐私 > 高级 > 第三方 Cookies > 接受)。为了解决这个问题,我选中了“覆盖自动 cookie 处理”、“接受”(第三方 cookie)和“始终允许会话 cookie”。
回答by Pierre Guilbert
We added a header Vary : cookie and it worked..
我们添加了一个标头 Vary : cookie 并且它起作用了..
