1

首先让我说我已经浏览了所有类似的帖子,但没有解决我的问题。我还排除了服务器端没有问题,因为我收到了正确的响应标头,至少如 Fiddler 和 Chrome 开发工具中所示。

我正在使用Thinktecture.IdentityModel并使用 jquery 在客户端进行身份验证,如下所示:

    $.ajax({
        url: tokenEndpoint,
        type: 'GET',
        // jsonp is not an option and it does not work anyway with my server setup
        dataType: "json", // including this does not help
        crossDomain: true, // including this does not help
        beforeSend: function (xhr) {
            xhr.setRequestHeader('Authorization', 'Basic xxxxx');
        },
        success: function () {
            alert('success!');
        },
        error: function(xhr, errorType, exception) {
        }
    });

这是我得到的痕迹:

* 预检 CORS 请求 *

OPTIONS http://HOST_DOMAIN/tokenEndPoint HTTP/1.1
Host: HOST_DOMAIN
Connection: keep-alive
Access-Control-Request-Method: GET
Origin: http://ORIGIN_DOMAIN
Access-Control-Request-Headers: accept, authorization
Accept: */*
Referer: http://ORIGIN_DOMAIN/login
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8

预检响应

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/8.0
Access-Control-Allow-Origin: http://ORIGIN_DOMAIN
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: accept,authorization
Content-Length: 15

{"status":"ok"}

实际的 AJAX 请求

GET http://HOST_DOMAIN/tokenEndPoint HTTP/1.1
Host: HOST_DOMAIN
Connection: keep-alive
Accept: */*
Origin: http://ORIGIN_DOMAIN
Authorization: Basic xxxxx
Referer: http://ORIGIN_DOMAIN/login
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8

AJAX 响应

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 560
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/8.0
X-AspNet-Version: 4.0.30319
Set-Cookie: xxxxx


{
  "access_token": "xxxxx",
  "expires_in": xxx
}

请注意跟踪的最后一行,它来自 Fiddler 选项卡上的 TextView,表明服务器调用成功。我可以确认服务器调用是成功的,因为我调试了服务器端代码并​​且到达了返回该输出的代码并且没有抛出任何错误。任何想法如何使它工作?

4

1 回答 1

1

正如您的问题标题中的错误消息所述,响应缺少 Access-Control-Allow-Origin 标头。根据您在问题末尾发布的响应内容,服务器不包含此标头。所以,问题出在你的服务器上。您需要在响应中包含此标头。

于 2014-01-20T10:35:21.147 回答