Javascript CORS GET在Firefox中返回一个空的响应主体
在RESTful主干应用程序中,我正在执行从Javascript CORS GET在Firefox中返回一个空的响应主体,javascript,firefox,backbone.js,cors,Javascript,Firefox,Backbone.js,Cors,在RESTful主干应用程序中,我正在执行从mydomain.com到myExtdomain.com的CORS请求 我确实在我的myExtdomain.com服务器上设置了CORS,我对OPTIONS动词(任何URL)的响应如下: 以及我在myExtdomain.com上的API调用,使用: Access-Control-Allow-Origin: * Content-Type: application/json Status Code: HTTP/1.1 200 OK 我甚至不顾一切地试图
mydomain.com
到myExtdomain.com
的CORS请求
我确实在我的myExtdomain.com
服务器上设置了CORS,我对OPTIONS
动词(任何URL)的响应如下:
以及我在myExtdomain.com上的API调用,使用:
Access-Control-Allow-Origin: *
Content-Type: application/json
Status Code: HTTP/1.1 200 OK
我甚至不顾一切地试图在myExtdomain.com
上响应我所有的HTTP请求:
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Content-Type
Content-Type: application/json
Status Code: HTTP/1.1 200 OK
问题
- 一切都很好地工作在铬
- 在Firefox中,我的
请求有效,但我的PUT
请求“有点失败”GET
- 返回的HTTP状态代码为
200 OK
- 但响应为空(无响应正文/大小为0 KB)。。它应该是一些
JSON
- 但是,出于某种原因,每100次中就有一次,一个
请求起作用GET
选项
动词:
REQUEST HEADERS
-----------------
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:25.0) Gecko/20100101 Firefox/25.0
Origin: http://mydomain.com
Host: www.myExtdomain.com
Connection: keep-alive
Access-Control-Request-Method: PUT
Access-Control-Request-Headers: content-type
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
RESPONSE HEADERS
-----------------
X-Powered-By: ASP.NET
Server: Microsoft-IIS/7.0
Date: Fri, 15 Nov 2013 07:01:57 GMT
Content-Type: text/html
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Content-Type
PUT
请求:
REQUEST HEADERS
----------------
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:25.0) Gecko/20100101 Firefox/25.0
Referer: http://mydomain.com/account
Origin: http://mydomain.com
Host: www.myExtdomain.com
Content-Type: application/json; charset=UTF-8
Content-Length: 36
Connection: keep-alive
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Accept: application/json, text/javascript, */*; q=0.01
RESPONSE HEADERS
----------------
X-Powered-By: ASP.NET
Server: Microsoft-IIS/7.0
Date: Fri, 15 Nov 2013 07:01:57 GMT
Content-Type: application/json
Content-Length: 0
Access-Control-Allow-Origin: *
BODY RESPONSE
--------------
_Some_Json_Here_
REQUEST HEADERS
----------------
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:25.0) Gecko/20100101 Firefox/25.0
Referer: http://mydomain.com/somepage
Origin: http://mydomain.com
Host: www.myExtdomain.com
Connection: keep-alive
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Accept: application/json, text/javascript, */*; q=0.01
RESPONSE HEADERS
----------------
Server: Microsoft-IIS/7.0
Last-Modified: Fri, 15 Nov 2013 06:58:18 GMT
Date: Fri, 15 Nov 2013 07:01:57 GMT
Content-Type: application/json
Content-Length: 4041
Connection: keep-alive
RESPONSE BODY
--------------
Empty (0KB), it's supposed to be some JSON, that *SOMETIMES* (1/100) I get.. Magic.
魔法GET
请求:
REQUEST HEADERS
----------------
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:25.0) Gecko/20100101 Firefox/25.0
Referer: http://mydomain.com/account
Origin: http://mydomain.com
Host: www.myExtdomain.com
Content-Type: application/json; charset=UTF-8
Content-Length: 36
Connection: keep-alive
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Accept: application/json, text/javascript, */*; q=0.01
RESPONSE HEADERS
----------------
X-Powered-By: ASP.NET
Server: Microsoft-IIS/7.0
Date: Fri, 15 Nov 2013 07:01:57 GMT
Content-Type: application/json
Content-Length: 0
Access-Control-Allow-Origin: *
BODY RESPONSE
--------------
_Some_Json_Here_
REQUEST HEADERS
----------------
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:25.0) Gecko/20100101 Firefox/25.0
Referer: http://mydomain.com/somepage
Origin: http://mydomain.com
Host: www.myExtdomain.com
Connection: keep-alive
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Accept: application/json, text/javascript, */*; q=0.01
RESPONSE HEADERS
----------------
Server: Microsoft-IIS/7.0
Last-Modified: Fri, 15 Nov 2013 06:58:18 GMT
Date: Fri, 15 Nov 2013 07:01:57 GMT
Content-Type: application/json
Content-Length: 4041
Connection: keep-alive
RESPONSE BODY
--------------
Empty (0KB), it's supposed to be some JSON, that *SOMETIMES* (1/100) I get.. Magic.
结语
- 正如您所看到的,magic
请求的响应头甚至不包括我在GET
myExtdomain.com
- 另一方面,
请求确实包含它们PUT
- 同样,在Chrome中一切正常,所有的响应头都存在,我得到了预期的
,等等JSON
- 我花了相当长的时间(显然还不够),试图分解需要/不需要的内容,而不是复制/粘贴随机代码
forJSONP
请求对我来说不是一种选择GET
- 我的所有请求(任何动词)都是从非安全页面发出的(不是从
)https://
- 我绝望了
缓存控制:无缓存
头添加到所有API调用响应(在myExtdomain.com
上)解决了我的问题:
Access-Control-Allow-Origin: *
Content-Type: application/json
Cache-Control: no-cache
出于某种原因,Firefox正在缓存我的API调用,当缓存时,FF无法再次解析JSON。。以一个空的响应体或任何错误结束
现在我记得这不是我第一次用Firefox强制no cache
同样,Chrome一切正常,Chrome不需要缓存控制:no Cache
标题
如果有人知道FF和Chrome(默认设置??)之间的区别,我就不想再多说了
希望这能为某人节省一些时间。对于我来说,解决方案是在服务器端的响应头中添加
访问控制允许凭据:true
:这是设置请求的对称性。withCredentials=true
对于客户端的XMLHttpRequest
对象。对于get请求,内容长度是否每次都非零?或者它有时是非零的(1/100),有时也是非零的(1/100)。所以大多数情况下为0 KB(99/100)。基本上,一切都按预期进行了,只进行了1/100次。这确实节省了我一些时间。谢天谢地,尽管通信是通过无状态REST协议进行的,但这确实起到了令人惊讶的作用。CORS的设计非常糟糕。