后台: -我创建了一个托管在本地系统IIS中的WCF服务。服务公开GET / POST方法和跨域启用,也可以使用https访问。为了使其可访问,使用自签名证书。
测试: -当我尝试进行跨域ajax调用时,它可以在IE10 / Edge中正常处理GET请求和POST请求(只有那些不接受数据作为json的post方法)。我可以在chrome / Firebox浏览器中为任何GET / POST请求进行跨域调用。当在ajax调用中传递contenttype:accept / json参数时,只有它的IE 10 / Edge导致问题才能对POST请求进行跨域调用。
研究: -我阅读了很多博客/ mdn并了解了其中IE不虔诚地追随cors的cors的规范。我知道cors规范并没有提供自定义标题/标题的价值,因为这些标准会导致预检中止。
ajax请求的示例我正在制作: -
var postDT = { "postValue": "test" };
debugger;
$.support.cors = true;
$.ajax({
type: "POST",
data: JSON.stringify(postDT),
url: "http://ateet3371/Service1.svc/postdata",
contentType: "application/json; charset=utf-8",
dataType: "JSON",
processData: true,
success: function (data) {
alert(data);
},
error: function (jqXHR, textStatus, errorThrown) {
var a = jqXHR;
alert(jqXHR + '---' + textStatus + '---' + errorThrown);
}
});
如果我删除了contentType: "application/json; charset=utf-8",那么它会抛出错误的请求错误,否则会抛出拒绝访问错误。
WCF中的方法实现是: -
[OperationContract]
[WebInvoke(Method = "POST", ResponseFormat = WebMessageFormat.Json, UriTemplate = "PostResponseData")]
string PostResponseData(PostDataTest postDT);
并且datacontract是: -
[DataContract]
public class PostDataTest
{
private string post_value;
// Apply the DataMemberAttribute to the property.
[DataMember]
public string postValue
{
get { return post_value; }
set { post_value = value; }
}
}
如果我使用方法PostUrl数据,则成功执行ajax调用并返回正确的结果,如果ContentType:" Application / json"标头已从请求中删除。
[OperationContract]
[WebInvoke(Method = "POST", RequestFormat = WebMessageFormat.Json, ResponseFormat = WebMessageFormat.Json, UriTemplate = "PostUrlData/{value}")]
string PostUrlData(string value);
我已经在WCF的Global.asax中的BeginRequest事件中编写代码来处理选项请求: -
HttpContext.Current.Response.AddHeader("Access-Control-Allow-Origin", "*");
if (HttpContext.Current.Request.HttpMethod == "OPTIONS" )
{
//These headers are handling the "pre-flight" OPTIONS call sent by the browser
HttpContext.Current.Response.AddHeader("Access-Control-Allow-Methods", "GET, POST, PUT, HEAD");
HttpContext.Current.Response.AddHeader("Access-Control-Allow-Credentials", "true");
HttpContext.Current.Response.AddHeader("Access-Control-Allow-Headers", "Origin, Content-Type, Accept, X-Requested-With, Session");
HttpContext.Current.Response.AddHeader("Access-Control-Expose-Headers", "DAV, content-length, Allow" );
HttpContext.Current.Response.AddHeader("Access-Control-Max-Age", "1728000" );
HttpContext.Current.Response.AddHeader("Cache-Control", "no-cache,no-store");
HttpContext.Current.Response.End();
}
我无法在IE中启用Allow cross domain call设置,因为最终用户不会执行此类步骤。
陷入困境:但仍然无法在IE 10 / Edge(已启用cors)中进行JSON数据调用。
(已编辑)更新:
托管WCF的IIS站点仅启用匿名身份验证,同时禁用其他身份验证。
即使我尝试使用https的有效证书,但它仍然不适用于IE,但适用于Chrome。
请求标题
OPTIONS https://service.domian.com/projectservice.svc/GetMultiListData HTTP/1.1
Accept: */*
Origin: https://sitename.servicedomain.com
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type, accept
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: sitename.servicedomain.com
Content-Length: 0
Connection: Keep-Alive
Cache-Control: no-cache
响应标头
HTTP/1.1 200 OK
Cache-Control: no-cache,no-store
Server: Microsoft-IIS/7.5
Access-Control-Allow-Origin: sitename.servicedomain.com
Access-Control-Allow-Methods: GET,POST,PUT,HEAD
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Origin,Content-Type,Accept,X-Requested-With,Session
Access-Control-Expose-Headers: DAV,content-length,Allow
Access-Control-Max-Age: 1728000
X-Powered-By: ASP.NET
Date: Thu, 04 Aug 2016 17:26:27 GMT
Content-Length: 0
请通过大量文章和博客帮助我,但仍然无法解决问题。
非常感谢您的帮助!
专家请帮助我!
扫一扫
3万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
