问题
I'm making CORS requests between my web application and a server. The request is a simple authorization request. The request is sent, the server sets a "JSESSIONID" cookie, a dialogue box pops up, you type your username and password and then press submit. The httpRequest then completes once the credentials are correct, and the response header sets a "LWSSO_COOKIE_KEY" cookie for the client to use for access.
The problem is that this is working flawlessly in internet explorer, and not in chrome or firefox.
Here's my request code:
// code snippet from : http://www.html5rocks.com/en/tutorials/cors/
// Create the XHR object.
function createCORSRequest(method, url) {
console.log("createCORSRequest: ");
var xhr = new XMLHttpRequest();
if ("withCredentials" in xhr) {
// XHR for Chrome/Firefox/Opera/Safari.
xhr.open(method, url, true);
xhr.withCredentials = true;
} else if (typeof XDomainRequest != "undefined") {
// XDomainRequest for IE.
xhr = new XDomainRequest();
xhr.open(method, url, false);
} else {
// CORS not supported.
xhr = null;
}
return xhr;
}
// Make the actual CORS request.
function makeCorsRequest(action,URL) {
console.log("makeCorsRequest action: "+action+"; URL: "+URL);
var xhr = createCORSRequest(action, URL);
if (!xhr) {
console.log('CORS not supported');
return;
}
// Response handlers.
xhr.onload = function() {
var text = xhr.responseText;
console.log('Response text from CORS request to ' + URL + ': ' + text);
};
xhr.onerror = function() {
console.log('Woops, there was an error making the request.');
};
xhr.send();
return xhr;
}Issue with firefox is this error: "Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://someIP:somePort/qcbin/authentication-point/authenticate. (Reason: CORS header 'Access-Control-Allow-Origin' missing)."
The weird part about this is that the authentication http request responds with status 200, and a set cookie header for the "LWSSO_COOKIE_KEY", but then calls the "onerror" handler from makeCorsRequest(action,URL).
headers and cookies from firefox: This header the server responds by setting the JSESSIONID cookie setting the JSESSIONID cookie After submitting my username and password the server responds by setting the JWSSO_COOKIE_KEY: setting the JWSSO_COOKIE_KEY:
Lastly here's the console output:
Issue with Chrome is identical to firefox's behavior. Why does this http request work in Internet explorer but not chrome and firefox?
Here's what the headers and cookies look like in IE (11): Request header: Response header: Cookies: Console: Once again. This is identical code used for all these results, but I'm experiencing different behavior in chrome and firefox than in Internet Explorer.
来源:https://stackoverflow.com/questions/32912732/cross-domain-http-with-internet-explorer-vs-chrome-and-firefox