问题
Today I attempted to browse a new feature recently deployed to our testing environment (NOT LOCAL). After navigating to the new feature I was met with a blank page. Confused, I checked Chrome's console and found an error:
XMLHttpRequest cannot load https://test.mytestsite.com/SomeApplication/api/SomeController/SomeMethod/8?Id=523283&SecondId=1612w3426653.
No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://test.mytestsite.com' is therefore not allowed access.
This code makes an ajax call to a WebAPI (on the same domain) to retrieve some information on document.Ready. I understand the error and I'm familiar with it's typical cause. However, this call is being made from within the same domain AND it works for the other developers on my team.
Symptoms: - Does not work for IE or Chrome/Incognito - Does work for FireFox - Works on all browsers for at least 4 other developers on the same domain that I reside on. (Indicating to me that this is an environmental issue)
Possible causes: - I was doing some CORS research several weeks ago and perhaps I configured some Windows 7 setting to cause this to happen?
Google is saturated with the standard CORS issues, so I'm asking here and hopefully someone can help.
回答1:
The issue at hand was due to inconsistencies between environments.
In our production environment SSL is enforced with a redirect in IIS, while in our testing environment it is not. I was navigating to the site via a bookmark using http. Updating the bookmark, as @epascarello suggested, fixed the problem.
来源:https://stackoverflow.com/questions/20055663/no-access-control-allow-origin-header-same-domain