Re[9]: Javascript+WCF: ошибка CORS
От: Win32nipuh  
Дата: 22.08.15 18:00
Оценка: 24 (4)
Здравствуйте, Serginio1, Вы писали:

S>Здравствуйте, Win32nipuh, Вы писали:


S>>>По методичке https://msdn.microsoft.com/en-us/magazine/dn532203.aspx

S>>>нужно указать Setting

S>В методичке пишут


S>

S>There’s an interesting twist to this discussion of credentials and authentication. The description up to this point has been for the scenario where the browser is implicitly sending credentials. It’s possible for a JavaScript client to explicitly send credentials (again, typically via the Authorization header). If this is the case, then none of the aforementioned rules or behaviors related to credentials applies.

S>For this scenario, the client would explicitly set the Authorization header on the request and wouldn’t need to set withCredentials on the XMLHttpRequest. This header would trigger a preflight request and the server would need to allow the Authorization header with the Access-Control-Allow-Headers CORS response header. Also, the server wouldn’t need to issue the Access-Control-­Allow-Credentials CORS response header.

S>Here’s what that client code would look like to explicitly set the Authorization header:


S>
S>$.ajax({
S>  url: "http://localhost/WebApiCorsServer/Resources/1",
S>  headers: {
S>    "Authorization": "Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3Mi..."
S>  }
S>  // Other settings omitted
S>});
S>

S>Here’s the preflight request:

S>
S>OPTIONS http://localhost/WebApiCorsServer/Resources/1 HTTP/1.1
S>Host: localhost
S>Access-Control-Request-Method: GET
S>Origin: http://localhost:55912
S>Access-Control-Request-Headers: authorization
S>Accept: */*
S>



S>Here’s the preflight response:


S>
S>HTTP/1.1 200 OK
S>Access-Control-Allow-Origin: *
S>Access-Control-Allow-Headers: authorization
S>


S> Ну и фиддлером очень удобно смотреть трафик





Нашел, п-ц...
Была невинная секция в конфиге и она не позволяла отправлять ответы на запросы OPTIONS.
Закрыл — ответы на OPTIONS начали уходить и всё чики-пики, ну кодом в сервисе, естественно, добавляющим 4 заголовка

  <diagnostics wmiProviderEnabled="false">
      <messageLogging logEntireMessage="true" logMalformedMessages="true" logMessagesAtServiceLevel="false" logMessagesAtTransportLevel="true" maxMessagesToLog="3000" maxSizeOfMessageToLog="200000" />
    </diagnostics>
 
Подождите ...
Wait...
Пока на собственное сообщение не было ответов, его можно удалить.