HTML5 CORS request fails in safari after redirect

问题

I am crafting a CORS request with jQuery to accomplish a SSO type system. User logs into wordpress and with a hook at the same time also logs into Moodle.

The problem I'm having is that in Safari (and only safari ~7+) when the inital POST request is set to moodlesite.com/login/index.php there is a redirect to: moodlesite.com/login/index.php?testsession=user_id.

When this redirect occurs Safari drops the applicable CORS headers and then the request to the redirected URL fails.

回答1:

I posted this question just to answer it because it took me a long time to find a workaround to this safari bug. Hopefully this helps someone.

What i ended up doing is creating another ajax request that runs before the actual request to moodle. This request uses wordpress' AJAX functionality to make a CURL to moodle serverside. This allows me to get the redirected URL (which includes the user's moodle id). Then after that request is complete i make the real request to the moodle server.

Sample code:

// redirect follower ajax request to figure out what the final moodle login url is
// this is necessary becuase SAFARI 7.03 looses CORS headers on ajax requests
add_action( 'wp_ajax_lms_redirect_follower', 'lms_redirect_follower' );
add_action( 'wp_ajax_nopriv_lms_redirect_follower', 'lms_redirect_follower' );
function lms_redirect_follower(){
  $url = 'http://'.get_field('moodle_url', 'options').'/login/index.php'; 
  $username = $_POST['username'];
  $password = $_POST['password'];
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL,$url);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS,"username=".$username."&password=".$password);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
    $server_output = curl_exec ($ch);
    $url = curl_getinfo($ch, CURLINFO_EFFECTIVE_URL);
    echo $url;
    die();
}

function moodle_sso ()
{ ?>
    <script src="//code.jquery.com/jquery-1.11.0.min.js"></script>
    <script>
        function crossDomainPost(user, pass) {
            // first get the redirect url
            var moodle_login_url = 'http://<?php the_field('moodle_url', 'options'); ?>/login/index.php';
            var data = {
                'action': 'lms_redirect_follower',
                'username': user,
                'password':pass
            };
            $.post("<?php echo admin_url( 'admin-ajax.php' ); ?>", data, function(response) {
                moodle_login_url = response;
                $.ajax({
                    type: 'POST',
                    url: moodle_login_url,
                    cache: false,
                      xhrFields: {
                        withCredentials: true
                      },
                      crossDomain: true,
                    data: {"username":user, "password":pass},
                    success: function(responseData, textStatus, jqXHR) {
                       $('#loginform').submit();
                    },
                    error: function (responseData, textStatus, errorThrown) {
                            // console.log(errorThrown);
                            // console.log(responseData);
                    },
                    complete: function(responseData, textStatus, errorThrown){
                            // console.log(errorThrown);
                            // console.log(responseData);
                        }
                });
            });         
        }

        $(document).ready(function(){
            $('#wp-submit').click(function(ev){
                ev.preventDefault();
                return crossDomainPost($('#user_login').val(), $('#user_pass').val());
            })
        })

    </script>
    <?php
}
add_action('login_footer', 'moodle_sso'); 

来源：https://stackoverflow.com/questions/24833312/html5-cors-request-fails-in-safari-after-redirect