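I am making a CORS request between my web application and a server. The request is a simple authorization request. After the request is sent, the server sets a "JSESSIONID" cookie and a dialog box pops up where you enter your username and password and press submit. Once the credentials are correct, the httpRequest completes and the response header sets an "LWSSO_COOKIE_KEY" cookie for the client to use for access.
The problem is that this works perfectly in Internet Explorer, but not in Chrome or Firefox.
Here is my request code: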
// code snippet from : http://www.html5rocks.com/en/tutorials/cors/
// Create the XHR object.
function createCORSRequest(method, url) {
    console.log("createCORSRequest: ");
    var xhr = new XMLHttpRequest();
    if ("withCredentials" in xhr) {
        // XHR for Chrome/Firefox/Opera/Safari.
        xhr.open(method, url, true);
        xhr.withCredentials = true;
    } else if (typeof XDomainRequest != "undefined") {
        // XDomainRequest for IE.
        xhr = new XDomainRequest();
        xhr.open(method, url, false);
    } else {
        // CORS not supported.
        xhr = null;
    }
    return xhr;
}
// Make the actual CORS request.
function makeCorsRequest(action, URL) {
    console.log("makeCorsRequest action: " + action + "; URL: " + URL);
    var xhr = createCORSRequest(action, URL);
    if (!xhr) {
        console.log('CORS not supported');
        return;
    }
    // Response handlers.
    xhr.onload = function() {
        var text = xhr.responseText;
        console.log('Response text from CORS request to ' + URL + ': ' + text);
    };
    xhr.onerror = function() {
        console.log('Woops, there was an error making the request.');
    };
    xhr.send();
    return xhr;
}
The problem in Firefox is this error: "Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://someIP:somePort/qcbin/authentication-point/authenticate. (Reason: CORS header 'Access-Control-Allow-Origin' missing)."
The strange thing is that the authentication HTTP request gets a response status of 200 and the cookie header for "LWSSO_COOKIE_KEY" is set, but then the "onerror" handler from makeCorsRequest(action,URL) is called.
Headers and cookies from Firefox:
In this header the server responds by setting the JSESSIONID cookie:
After submitting my username and password the server responds by setting the JWSSO_COOKIE_KEY:
Lastly here's the console output:
The problem in Chrome is the same behavior as in Firefox. Why does this HTTP request work in Internet Explorer but not in Chrome and Firefox?
Here's what the headers and cookies look like in IE (11):
Request header:
Response header:
Cookies:
Console:
Once again: this is identical code used for all these results, but I'm experiencing different behavior in Chrome and Firefox than in Internet Explorer.
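
As an added example (not part of the original post), the sketch below models the response-header check a browser applies before letting script read a cross-origin XHR response, which is the check named in the Firefox error above. The function name `corsResponseReadable`, the page origin `http://app.example` and the sample headers are constructed for illustration.

```javascript
// Added illustration: models the CORS response check for XMLHttpRequest.
// corsResponseReadable, the origins and the sample headers are constructed.
function corsResponseReadable(pageOrigin, withCredentials, responseHeaders) {
  // Header names are case-insensitive, so normalise them first.
  const h = {};
  for (const [name, value] of Object.entries(responseHeaders)) {
    h[name.toLowerCase()] = String(value).trim();
  }
  const allowOrigin = h["access-control-allow-origin"];
  if (allowOrigin === undefined) {
    return { readable: false, reason: "Access-Control-Allow-Origin missing" };
  }
  if (withCredentials) {
    // With xhr.withCredentials = true the wildcard is not accepted: the
    // header must name the requesting origin exactly, and the server must
    // also opt in with Access-Control-Allow-Credentials: true.
    if (allowOrigin === "*") {
      return { readable: false, reason: "wildcard origin with credentials" };
    }
    if (allowOrigin !== pageOrigin) {
      return { readable: false, reason: "origin mismatch" };
    }
    if (h["access-control-allow-credentials"] !== "true") {
      return { readable: false, reason: "Access-Control-Allow-Credentials missing" };
    }
    return { readable: true, reason: "ok" };
  }
  if (allowOrigin === "*" || allowOrigin === pageOrigin) {
    return { readable: true, reason: "ok" };
  }
  return { readable: false, reason: "origin mismatch" };
}

// Constructed sample responses. The first mirrors the situation in the post:
// a 200 response that sets a cookie but carries no CORS headers.
const PAGE_ORIGIN = "http://app.example";
const samples = [
  ["no CORS headers", { "Set-Cookie": "LWSSO_COOKIE_KEY=placeholder; Path=/" }],
  ["wildcard", { "Access-Control-Allow-Origin": "*" }],
  ["explicit origin", { "Access-Control-Allow-Origin": PAGE_ORIGIN,
                        "Access-Control-Allow-Credentials": "true" }],
];
for (const [label, headers] of samples) {
  const r = corsResponseReadable(PAGE_ORIGIN, true, headers);
  console.log(label + ": " + (r.readable ? "readable" : "blocked (" + r.reason + ")"));
}
```

When this check fails the browser reports a network error to the script, so `xhr.onerror` runs even though the server answered with status 200.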