Access-Control-Allow-Origin标头不起作用

时间:2014-01-29 06:56:04

标签: asp.net-mvc cors

我正在尝试跨两个Web应用程序启用跨源资源共享,并且仍然收到“Access-Control-Allow-Origin不允许来源X”。

请求如下所示:

Request URL:http://mywebsite:8700/?myparam=blah
Request Headersview source
Accept:application/json, text/javascript, */*; q=0.01
Origin:http://localhost:1715
Referer:http://localhost:1715/stuff
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.79 Safari/537.1
Query String Parametersview URL encoded
myparam:blah

给出错误:

XMLHttpRequest cannot load http://mywebsite:8700/?myparam=blah. Origin http://localhost:1715 is not allowed by Access-Control-Allow-Origin.

如果我直接在浏览器中访问URL,我会得到以下响应标头,并返回正确的JSON 

Request URL:http://mywebsite:8700/?myparam=blah
Request Method:GET
Status Code:200 OK
Request Headersview source
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Authorization:Negotiate blahblahblahblahblahblahblahblahblah
Cache-Control:max-age=0
Connection:keep-alive
Cookie:blahblahblah
Host:mywebsite:8700
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko)         Chrome/21.0.1180.79 Safari/537.1
Query String Parametersview URL encoded
myparam:blah

Response Headersview source
Access-Control-Allow-Headers:*
Access-Control-Allow-Methods:*
Access-Control-Allow-Origin:*
Cache-Control:private
Content-Length:11563
Content-Type:application/json; charset=utf-8
Date:Wed, 29 Jan 2014 06:51:49 GMT
WWW-Authenticate:Negotiate blahblahblah==

使用JSONP是最后的解决方案,因为它会对已经调用此方法的其他应用程序产生影响。

1 个答案:

答案 0 :(得分:0)

结果是请求收到401错误,因此响应服务器甚至没有机会返回Access-Control-Allow-Headers标头。

相关问题
最新问题