【发布时间】:2014-12-21 08:37:24
【问题描述】:
我将 ServiceStack 配置为启用 CORS:
Plugins.Add( new CorsFeature(
allowOriginWhitelist: new List<string>() { "http://localhost", "http://localhost:8080" },
allowCredentials: true,
allowedHeaders: "Content-Type, Allow, Authorization"
) );
PreRequestFilters.Add( ( request, response ) =>
{
if( request.Verb == "OPTIONS" )
{
response.EndRequest();
}
} );
OPTIONS 请求和响应看起来很棒,并且以 http://localhost:8080 为源成功。但是,随后的 GET 失败,因为根据 Chrome 的说法,它缺少 Access-Control-Allow-Origin 标头。
这是错误:
请求的资源上不存在“Access-Control-Allow-Origin”标头。 Origin
http://localhost:8080因此不允许访问。
这是请求:
GET /app/api/operations/metadata HTTP/1.1
Host: dummy.domain.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Accept: application/json, text/javascript, */*; q=0.01
Origin: http://localhost:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
Content-Type: application/json; charset=utf-8
Referer: http://localhost:8080/dev.html
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8
下面是回复:
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/json; charset=utf-8
Vary: Accept
Server: Microsoft-IIS/7.5
X-Powered-By: ServiceStack/4.034 Win32NT/.NET
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Headers: Content-Type, Allow, Authorization
Access-Control-Allow-Credentials: true
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 20 Dec 2014 17:22:38 GMT
Content-Length: 38203
注意缺少的 Access-Control-Allow-Origin 标头。
【问题讨论】:
标签: servicestack cors