iOS上的CORS问题-尽管已设置allow-origin

问题描述 投票:0回答:1

我正在处理一个非常随机的CORS问题。它似乎仅在iOS上发生。我收到以下错误:

Origin https://example.com is not allowed by Access-Control-Allow-Origin.
XMLHttpRequest cannot load https://app.example.com/wp-json/jwr/v1/post/some-page?lang=en&base=http:%2F%2Fexample.com due to access control checks.

[如果我选择将请求复制为CURL以检查响应标头,则会获得具有正确来源(access-control-allow-origin)的https://example.com。这是我的网址:

curl -I 'https://app.example.com/wp-json/jwr/v1/post/some-page?lang=en&base=http:%2F%2Fexample.com' \
-XGET \
-H 'Accept: application/json, text/plain, */*' \
-H 'Origin: https://example.com' \
-H 'Referer: https://example.com/product/iii-2' \
-H 'User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1 Mobile/15E148 Safari/604.1'

响应为:

HTTP/2 200
date: Fri, 29 May 2020 09:55:46 GMT
content-type: application/json; charset=UTF-8
set-cookie: __cfduid=d375235a85031bbff36405f001ee745cd1590746146; expires=Sun, 28-Jun-20 09:55:46 GMT; path=/; domain=.example.com; HttpOnly; SameSite=Lax; Secure
x-powered-by: PHP/7.3.18
x-robots-tag: noindex
link: <https://example.com/wp-json/>; rel="https://api.w.org/"
x-content-type-options: nosniff
access-control-expose-headers: X-WP-Total, X-WP-TotalPages
access-control-allow-headers: Authorization, Content-Type
allow: GET
access-control-allow-origin: https://example.com
access-control-allow-methods: POST, GET, OPTIONS, DELETE
access-control-allow-credentials: true
vary: Origin,User-Agent
x-litespeed-cache-control: public,max-age=604800
x-litespeed-tag: 008_HTTP.200,008_default,008_URL.e1c0006b9e2f4270481e05837157f805,008_REST,008_
etag: "205-1590745340;;;"
x-litespeed-cache: miss
alt-svc: h3-27=":443"; ma=86400
cache-control: max-age=691200
cf-cache-status: HIT
age: 806
cf-request-id: 030174fdb90000d8a5da008200000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 59af5775fa90d8a5-CPH

您可以看到所有的CORS标头都在那里,而且看似正确。

我在这里想念什么?

ios api safari cors
1个回答
0
投票

尝试编写这段代码

services.AddCors(options => options.AddPolicy("CorseName",
                         builer => builer.WithOrigins("origin_url")
                                         .AllowAnyMethod()
                                         .AllowAnyHeaders();
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.