Fatal编程技术网
  • google-chrome/
  • Google chrome 飞行前请求仅在Chrome上返回404

Google chrome 飞行前请求仅在Chrome上返回404

google-chrome http cors

Google chrome 飞行前请求仅在Chrome上返回404,google-chrome,http,xmlhttprequest,cors,istio,Google Chrome,Http,Xmlhttprequest,Cors,Istio,我正试图通过Chrome访问我网站上的资源,浏览器会对其执行飞行前选项请求。这个飞行前请求在Firefox中甚至在使用cURL时都可以正常工作,但由于某些原因,在Chome中返回404状态。我目前在macOS版本10.15.4上使用Chrome v81.0.4044.129。详情见下文 控制台日志 OPTIONS https://sub.my.website.com/v1/resource 404 Access to XMLHttpRequest at 'https://sub.my.websi

我正试图通过Chrome访问我网站上的资源,浏览器会对其执行飞行前选项请求。这个飞行前请求在Firefox中甚至在使用cURL时都可以正常工作,但由于某些原因,在Chome中返回404状态。我目前在macOS版本10.15.4上使用Chrome v81.0.4044.129。详情见下文

控制台日志

OPTIONS https://sub.my.website.com/v1/resource 404
Access to XMLHttpRequest at 'https://sub.my.website.com/v1/resource' from origin 'https://my.website.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.​

:authority: sub.my.website.com
:method: OPTIONS
:path: /v1/resource/
:scheme: https
accept: */*
accept-encoding: gzip, deflate, br
accept-language: en-GB,en-US;q=0.9,en;q=0.8,nl;q=0.7
access-control-request-headers: authorization
access-control-request-method: GET
dnt: 1
origin: https://my.website.com
referer: https://my.website.com/v1/overview
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36

curl -i -X OPTIONS -H "Origin: https://my.website.com" \               
    -H 'Access-Control-Request-Method: GET' \
    -H 'Access-Control-Request-Headers: Authorization' \
    -H 'Referer: https://my.website.com/v1/overview' \
    -H 'Sec-Fetch-Mode: cors' \
    -H 'Sec-Fetch-Dest: empty' \
    -H 'Sec-Fetch-Site: same-site' \
    -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36' \
    -H 'DNT: 1' \
    -H 'Accept-Language: en-GB,en-US;q=0.9,en;q=0.8,nl;q=0.7' \
    -H 'Accept-Encoding: gzip, deflate, br' \
    -H 'Accept: */*' \
    "https://sub.my.website.com/v1/resource"
请求标题

OPTIONS https://sub.my.website.com/v1/resource 404
Access to XMLHttpRequest at 'https://sub.my.website.com/v1/resource' from origin 'https://my.website.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.​

:authority: sub.my.website.com
:method: OPTIONS
:path: /v1/resource/
:scheme: https
accept: */*
accept-encoding: gzip, deflate, br
accept-language: en-GB,en-US;q=0.9,en;q=0.8,nl;q=0.7
access-control-request-headers: authorization
access-control-request-method: GET
dnt: 1
origin: https://my.website.com
referer: https://my.website.com/v1/overview
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36

curl -i -X OPTIONS -H "Origin: https://my.website.com" \               
    -H 'Access-Control-Request-Method: GET' \
    -H 'Access-Control-Request-Headers: Authorization' \
    -H 'Referer: https://my.website.com/v1/overview' \
    -H 'Sec-Fetch-Mode: cors' \
    -H 'Sec-Fetch-Dest: empty' \
    -H 'Sec-Fetch-Site: same-site' \
    -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36' \
    -H 'DNT: 1' \
    -H 'Accept-Language: en-GB,en-US;q=0.9,en;q=0.8,nl;q=0.7' \
    -H 'Accept-Encoding: gzip, deflate, br' \
    -H 'Accept: */*' \
    "https://sub.my.website.com/v1/resource"
卷曲请求和标题

OPTIONS https://sub.my.website.com/v1/resource 404
Access to XMLHttpRequest at 'https://sub.my.website.com/v1/resource' from origin 'https://my.website.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.​

:authority: sub.my.website.com
:method: OPTIONS
:path: /v1/resource/
:scheme: https
accept: */*
accept-encoding: gzip, deflate, br
accept-language: en-GB,en-US;q=0.9,en;q=0.8,nl;q=0.7
access-control-request-headers: authorization
access-control-request-method: GET
dnt: 1
origin: https://my.website.com
referer: https://my.website.com/v1/overview
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36

curl -i -X OPTIONS -H "Origin: https://my.website.com" \               
    -H 'Access-Control-Request-Method: GET' \
    -H 'Access-Control-Request-Headers: Authorization' \
    -H 'Referer: https://my.website.com/v1/overview' \
    -H 'Sec-Fetch-Mode: cors' \
    -H 'Sec-Fetch-Dest: empty' \
    -H 'Sec-Fetch-Site: same-site' \
    -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36' \
    -H 'DNT: 1' \
    -H 'Accept-Language: en-GB,en-US;q=0.9,en;q=0.8,nl;q=0.7' \
    -H 'Accept-Encoding: gzip, deflate, br' \
    -H 'Accept: */*' \
    "https://sub.my.website.com/v1/resource"
​卷曲​​ 回应

HTTP/1.1 200 OK
access-control-allow-origin: https://my.website.com
access-control-allow-credentials: true
access-control-allow-methods: POST,GET,PUT,DELETE,PATCH,OPTIONS,HEAD,CONNECT
access-control-allow-headers: *
access-control-max-age: 86400
date: Thu, 30 Apr 2020 10:32:17 GMT
server: istio-envoy
content-length: 0
​在此方面的任何帮助都将不胜感激。谢谢