我正在尝试让 CORS 在我的 IIS 7.5 网络服务器上运行。我在 web.config 中添加了以下几行:
<httpProtocol>
<customHeaders>
<remove name="Access-Control-Allow-Origin" />
<remove name="Access-Control-Allow-Headers" />
<remove name="Access-Control-Allow-Methods" />
<add name="Access-Control-Allow-Headers" value="Content-Type,Authorization" />
<add name="Access-Control-Allow-Credentials" value="true" />
<add name="Access-Control-Allow-Origin" value="http://srv2008:85" />
<add name="Access-Control-Allow-Methods" value="POST,GET,OPTIONS" />
</customHeaders>
</httpProtocol>
检查响应标头时,似乎只有 FireFox (36.0) 选择了正确的标头:
在法郎:
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type,Authorization
Access-Control-Allow-Methods: POST,GET,OPTIONS
access-control-allow-origin: http://srv2008:85
在铬:
Access-Control-Allow-Headers:Content-Type
Access-Control-Allow-Methods:POST,GET,OPTIONS
Access-Control-Allow-Origin:*
在 IE11 中:
Access-Control-Allow-Origin *
Access-Control-Allow-Headers Content-Type
Access-Control-Allow-Methods POST,GET,OPTIONS
当三个浏览器在网络服务器上请求完全相同的页面时,为什么这三个响应标头不一样?Chrome 和 IE 怎么会忽略我的自定义标头?