Azure API Management CORS: Why do I get "Headers starting with 'Access-Control-' were removed..."

With a simple policy like the one below:
<policies>
<inbound>
<cors>
<allowed-origins>
<origin>http://microfost.com/</origin>
</allowed-origins>
<allowed-methods preflight-result-max-age="300">
<method>GET</method>
<method>POST</method>
<method>PATCH</method>
<method>DELETE</method>
</allowed-methods>
<allowed-headers>
<header>content-type</header>
<header>accept</header>
<header>Authorization</header>
</allowed-headers>
</cors>
</inbound>
</policies>
HTTP request
OPTIONS https://XXXX.azure-api.net/demo/XXX/XXX/* HTTP/1.1
Host: XXXX.azure-api.net
Ocp-Apim-Trace: true
Ocp-Apim-Subscription-Key: <secret>
Origin: http://microfost.com
Access-Control-Request-Headers: Authorization
Access-Control-Request-Method: GET
Response
Access-Control-Allow-Origin: http://microfost.com
Ocp-Apim-Trace-Location: <trace>
Date: Mon, 27 Feb 2017 20:09:14 GMT
Content-Length: 0
I receive this and am expecting the Origin response header. I get nothing for 2 of the 3 APIs (1 API is working as expected with the same policy).
**Inbound**
[...]
cors (0 ms)
"Cross domain request was well formed and was allowed to proceed. CORS related headers were added to the response."
**Backend**
No records.
**Outbound**
cors (0 ms)
{
"message": "Headers starting with 'Access-Control-' were removed from the response. ",
"headers": []
}
transfer-response (0 ms)
{
"message": "Response headers have been sent to the caller."
}
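This looks like nonsensical behavior to me and may be a bug. Before reporting it, I wanted to ask whether you have any explanation. Why am I getting this?
Headers starting with 'Access-Control-' were removed from the response.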
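Is this the whole response you get? You should be getting the Access-Control-Allow-Headers, Access-Control-Allow-Origin, Access-Control-Max-Age and Access-Control-Allow-Methods headers. But not "Origin". The CORS specification (https://www.w3.org/TR/cors/) describes Origin as a request header only.
Yes. That is the whole response I get. What I am missing are the headers you mentioned.
Try adding to your inbound policy, so that the higher-level policies will be called.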
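The preflight check that the first comment describes, as an added example that is not part of the original thread: it evaluates a captured OPTIONS exchange the way a browser would and lists what is missing. The function names are hypothetical, the rules are simplified from the Fetch standard, and a request without credentials is assumed.

```python
# Added example: evaluate a captured CORS preflight the way a browser would
# (simplified from the Fetch standard; assumes a request without credentials).

# Constructed from the OPTIONS exchange quoted in the question.
REQUEST = """Origin: http://microfost.com
Access-Control-Request-Headers: Authorization
Access-Control-Request-Method: GET"""
RESPONSE = """Access-Control-Allow-Origin: http://microfost.com
Content-Length: 0"""

SAFELISTED_METHODS = {"GET", "HEAD", "POST"}  # need no Allow-Methods entry

def parse_headers(raw):
    """Parse 'Name: value' lines into a dict keyed by lower-cased name."""
    headers = {}
    for line in raw.strip().splitlines():
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def tokens(value):
    """Split a comma-separated header value into lower-cased tokens."""
    return {t.strip().lower() for t in value.split(",") if t.strip()}

def preflight_problems(request_raw, response_raw):
    """Return the reasons a browser would reject this preflight response."""
    req, resp = parse_headers(request_raw), parse_headers(response_raw)
    problems = []
    allow_origin = resp.get("access-control-allow-origin")
    if allow_origin is None:
        problems.append("Access-Control-Allow-Origin is missing")
    elif allow_origin not in ("*", req.get("origin")):
        problems.append("Access-Control-Allow-Origin does not match Origin")
    method = req.get("access-control-request-method", "").upper()
    methods = {m.upper() for m in tokens(resp.get("access-control-allow-methods", ""))}
    if method not in SAFELISTED_METHODS and not ({method, "*"} & methods):
        problems.append(f"method not allowed: {method}")
    allowed = tokens(resp.get("access-control-allow-headers", ""))
    for name in sorted(tokens(req.get("access-control-request-headers", ""))):
        # "*" never covers Authorization; it must be listed by name.
        if name not in allowed and ("*" not in allowed or name == "authorization"):
            problems.append(f"request header not allowed: {name}")
    return problems

if __name__ == "__main__":
    print(preflight_problems(REQUEST, RESPONSE))
```

For the exchange in the question, the only finding is the missing Access-Control-Allow-Headers entry for Authorization, which is enough for a browser to block the actual request.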