【发布时间】:2013-09-01 05:01:19
【问题描述】:
如果包含基本身份验证,预检 HTTP 请求会是什么样子?喜欢下面的对话吗?我无法理解哪些标头需要发送到哪里,也因为它无法使用 Firebug 正确调试它
客户:
OPTIONS /api/resource HTTP/1.1
Access-Control-Request-Method: GET
Origin: http://jsconsole.com
服务器:
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, PUT, DELETE
Access-Control-Allow-Headers: Authorization
Access-Control-Max-Age: 1728000
Access-Control-Allow-Credentials: true
客户:
GET /api/resource HTTP/1.1
Access-Control-Request-Method: GET
Access-Control-Allow-Credentials: true
Origin: http://jsconsole.com
服务器:
HTTP/1.1 401 Unauthorized
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, PUT, DELETE
Access-Control-Allow-Headers: Authorization
Access-Control-Max-Age: 1728000
Access-Control-Allow-Credentials: true
WWW-Authenticate: Basic realm="Authorisation Required"
客户:
GET /api/resource HTTP/1.1
Access-Control-Allow-Credentials: true
Authorization: Basic base64encodedUserAndPassword
Access-Control-Request-Method: GET
Origin: http://jsconsole.com
服务器:
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, PUT, DELETE
Access-Control-Allow-Headers: Authorization
Access-Control-Max-Age: 1728000
Access-Control-Allow-Credentials: true
【问题讨论】:
-
在avalanche123.com/blog/2011/10/10/…avalanche123.com/blog/2011/10/10/…这篇文章的中途查看“CORS with basic auth”部分
-
不幸的是,雪崩博客条目已过时。 Chrome 完全支持基本身份验证。但是,除非您使用安全设置,否则 IE 不会。
标签: http web-applications cors basic-authentication asp.net-web-api