1. 技术文章
  2. Strategy for CORS - issue with IE10 : xhr status returns 0 for HTTP 401

Strategy for CORS - issue with IE10 : xhr status returns 0 for HTTP 401

混江龙づ霸主 提交于 2019-12-06 05:54:27

问题


I have the following setup on my server:

  • Apache HTTP Server is serving a BackboneJS frontend application
  • Apache Tomcat is serving a Java based backend (CORS enabled).

Everything is running on a single server that I have full control over.

I'm currently using com.thetransactioncompany.cors.CORSFilter in the Java based backend to enable CORS. Everything seens to be working fine.

My frontend has the following code to redirect the user to the login page in case an un-authenticated REST call occurred:

$.ajaxSetup({

    statusCode: {
        401: function(){
            window.location.replace('/#login');

        },

        403: function() {
            window.location.replace('/#denied');
        }
    },
    cache: false
});

Everything works fine on all major browsers except for IE10.

In IE10, when the non-authenticated users calls the REST serverm the server returns an HTTP 401 (as it should). The XHR object I'm seeing in the IE debugger hoewever seems to have translated this into status = 0. (On chrome you can cleary see that it has status = 401.

This appears to be a bug in IE10 where IE10 is treating HTTP status 401 as a network error. The console shows:

SCRIPT7002: XMLHttpRequest: Network Error 0x80070005, Access is denied

  • Is there a way to workaround this ? I can add handling for statusCode 0 in the ajaxSetup but that seems more of a hack.

  • Is there a way to disable CORS altogether through some kind of Apache / Tomcat configuration ?

Currently my apache configuration is setup using vhosts so that the following public URLs map their corresponding internal hostname / ports.

http://mywebapp.com -> http://myrealservername:8080/   -> /var/www/http
http://myrestapi.com -> http://myrealservername:8088/  -> /usr/local/tomcat/webapps/restapi

Would it be possible / advisable to have Apache

  • continue serving the static webapp from http://mywebapp.com/restapi
  • exposing the REST API on http://mywebapp.com/restapi (keeping it "inside" the webapp).

If such a setup were possible I wouldn't need CORS anymore ? It would keep things a lot simpler while increasing browser support ?

来源:https://stackoverflow.com/questions/19207372/strategy-for-cors-issue-with-ie10-xhr-status-returns-0-for-http-401

标签
apache
xmlhttprequest
internet-explorer-10
cors
virtualhost
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!