gpt4 book ai didi

google-chrome - Chrome 在 HTTP 302 重定向时取消 CORS XHR

转载 作者:行者123 更新时间:2023-12-03 06:40:44 30 4
gpt4 key购买 nike

看起来像根据CORS Spec 、GET 和 POST 请求应透明地遵循 302 重定向。但 Chrome 正在取消我的请求。

这是执行请求的 JS:

var r = new XMLHttpRequest();
r.open('GET', 'https://dev.mysite.com/rest', true);
r.send();

应该发生以下情况:

  1. 客户端:XHR POST 请求到/rest
  2. 服务器:响应 HTTP 302 重定向至/rest/
  3. 客户端:遵循该重定向

但在第 2 步之后,Chrome 会取消该请求。如果没有 HTTP 302,该请求将完美运行。我已经确认了这一点。

当请求运行时,我在 Chrome 的网络面板中只能看到一个 XHR——一个取消的 POST 请求,没有响应 header 或响应正文。

使用Chrome的net-internals工具进行调试,我看到服务器发送了响应,之后请求被取消。这是请求的输出:

79295: URL_REQUEST
https://dev.mysite.com/rest
Start Time: 2013-08-30 12:41:11.637

t=1377880871637 [st= 0] +REQUEST_ALIVE [dt=13455]
t=1377880871638 [st= 1] URL_REQUEST_BLOCKED_ON_DELEGATE [dt=1]
--> delegate = "extension Adblock Plus"
t=1377880871639 [st= 2] +URL_REQUEST_START_JOB [dt=13453]
--> load_flags = 143540480 (DO_NOT_SAVE_COOKIES | DO_NOT_SEND_AUTH_DATA | DO_NOT_SEND_COOKIES | ENABLE_LOAD_TIMING | MAYBE_USER_GESTURE | REPORT_RAW_HEADERS | VERIFY_EV_CERT)
--> method = "POST"
--> priority = 2
--> upload_id = "0"
--> url = "https://dev.mysite.com/rest"
t=1377880871639 [st= 2] HTTP_CACHE_GET_BACKEND [dt=0]
t=1377880871639 [st= 2] +HTTP_STREAM_REQUEST [dt=7]
t=1377880871646 [st= 9] HTTP_STREAM_REQUEST_BOUND_TO_JOB
--> source_dependency = 79296 (HTTP_STREAM_JOB)
t=1377880871646 [st= 9] -HTTP_STREAM_REQUEST
t=1377880871646 [st= 9] +HTTP_TRANSACTION_SEND_REQUEST [dt=0]
t=1377880871646 [st= 9] HTTP_TRANSACTION_SEND_REQUEST_HEADERS
--> GET /facultyportfolio-rest HTTP/1.1
Host: dev.liberty.edu
Connection: keep-alive
Content-Length: 46
Origin: http://localhost:8080
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.62 Safari/537.36
Content-Type: application/json; charset=UTF-8
Accept: */*
Referer: http://localhost:8080/ajaxtest.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
t=1377880871646 [st= 9] HTTP_TRANSACTION_SEND_REQUEST_BODY
--> did_merge = true
--> is_chunked = false
--> length = 46
t=1377880871646 [st= 9] -HTTP_TRANSACTION_SEND_REQUEST
t=1377880871646 [st= 9] +HTTP_TRANSACTION_READ_HEADERS [dt=1001]
t=1377880871646 [st= 9] HTTP_STREAM_PARSER_READ_HEADERS [dt=1000]
t=1377880872646 [st= 1009] HTTP_TRANSACTION_READ_RESPONSE_HEADERS
--> HTTP/1.1 302 Found
Date: Fri, 30 Aug 2013 16:41:11 GMT
Server: Apache/2
Access-Control-Allow-Origin: http://localhost:8080
Access-Control-Allow-Credentials: true
Location: https://dev.mysite.com/rest/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 20
Connection: close
Content-Type: text/plain; charset=UTF-8
t=1377880872647 [st= 1010] -HTTP_TRANSACTION_READ_HEADERS
t=1377880872647 [st= 1010] +URL_REQUEST_BLOCKED_ON_DELEGATE [dt=12445]
t=1377880885091 [st=13454] CANCELLED
t=1377880885092 [st=13455] -URL_REQUEST_START_JOB
--> net_error = -3 (ERR_ABORTED)
t=1377880885092 [st=13455] -REQUEST_ALIVE

最后,您可以看到“已取消”,因为“URL_REQUEST_BLOCKED_ON_DELEGATE”。我不知道这意味着什么。但同样,如果没有 HTTP 302 重定向,则不会发生错误。

有人知道是什么原因导致 Chrome 取消此请求吗?

最佳答案

这里的答案是混合的,暗示了代码中的某些设置等,这可能会解决 CORS 的重定向问题,但 CORS 规范明确指定了此类 CORS 重定向何时会失败/通过:根据规范,浏览器应该

  1. 如果对重定向资源的请求不需要飞行前检查(例如没有自定义 header 的简单 CORS 请求),则允许 3XX 重定向。请参阅https://www.w3.org/TR/cors/#simple-cross-origin-request-0

If the manual redirect flag is unset and the response has an HTTP status code of 301, 302, 303, 307, or 308 Apply the redirect steps

  • 如果对重定向资源的请求需要飞行前检查,则不允许 3XX 重定向。请参阅https://www.w3.org/TR/cors/#cross-origin-request-with-preflight-0
  • If the response has an HTTP status code of 301, 302, 303, 307, or 308 Apply the cache and network error steps.

    我在 github 存储库中探索了各种 CORS 场景:https://github.com/monmohan/cors-experiment .

    重定向失败的这个特定问题也可以通过此处的 bundle 轻松地单独重现:https://github.com/monmohan/cors-experiment/tree/master/issue

    关于google-chrome - Chrome 在 HTTP 302 重定向时取消 CORS XHR,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/18539403/

    30 4 0
    Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
    广告合作:1813099741@qq.com 6ren.com