为啥使用 Origin 标头时找不到路由
Posted
技术标签:
【中文标题】为啥使用 Origin 标头时找不到路由【英文标题】:Why is route not found when using Origin header为什么使用 Origin 标头时找不到路由 【发布时间】:2014-07-07 17:25:12 【问题描述】:我的 WebAPI 2.1 服务在请求 OPTIONS /project/id 时返回 404“找不到路由”错误。我正在使用基于属性的路由。
使用 CuRL,我发现当我省略 Origin 标头时请求成功。
我已启用 CORS,请像这样设置我的控制器:
[RoutePrefix("project")]
public class ProjectController : ApiController
protected ProjectRepo Repo;
public ProjectController()
if (System.Web.HttpContext.Current.Request.HttpMethod == HttpMethod.Options.ToString())
return;
Repo = new ProjectRepo();
[Route("id?")]
public HttpResponseMessage Options(int? id = null)
return new HttpResponseMessage StatusCode = HttpStatusCode.OK ;
web.config 设置为允许所有来源:
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Methods" value="GET, OPTIONS, PUT, POST, DELETE, HEAD" />
<add name="Access-Control-Allow-Headers" value="Accept, Authorization, Origin, Content-Type, X-Requested-With" />
<add name="Access-Control-Expose-Headers" value="Accept, Origin, Content-Type, X-Requested-With" />
</customHeaders>
</httpProtocol>
第一个 CuRL 请求失败并返回 404,但在我删除 Origin 标头后下一个请求成功。
1.传递 Origin 标头的 CuRL 请求返回 400 Not Found:
$ curl -v -H "Origin: http://localhost:51696/project/1" \
-H "Access-Control-Request-Method: DELETE" -X OPTIONS \
http://localhost:51696/project/1
* Adding handle: conn: 0x4c3378
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x4c3378) send_pipe: 1, recv_pipe: 0
* About to connect() to localhost port 51696 (#0)
* Trying ::1...
* Connected to localhost (::1) port 51696 (#0)
> OPTIONS /project/1 HTTP/1.1
> User-Agent: curl/7.30.0
> Host: localhost:51696
> Accept: */*
> Origin: http://localhost:51696/project/1
> Access-Control-Request-Method: DELETE
>
< HTTP/1.1 404 Not Found
< Cache-Control: no-cache
< Pragma: no-cache
< Content-Type: application/json; charset=utf-8
< Expires: -1
* Server Microsoft-IIS/8.0 is not blacklisted
< Server: Microsoft-IIS/8.0
< X-AspNet-Version: 4.0.30319
< X-SourceFiles: =?UTF-8?B?YzpccHJvamVjdHNcYW5hbHl0aWNzXENvbVNlcnZpY2VcQ29tU2VydmljZVxwcm9qZWN0XDE=?=
< X-Powered-By: ASP.NET
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Methods: GET, OPTIONS, PUT, POST, DELETE, HEAD
< Access-Control-Allow-Headers: Accept, Authorization, Origin, Content-Type, X-Requested-With, X-360i-Authorization
< Access-Control-Expose-Headers: Accept, Origin, Content-Type, X-Requested-With, X-360i-Authorization
< Date: Mon, 19 May 2014 16:29:45 GMT
< Content-Length: 197
<
"Message":"No HTTP resource was found that matches the request URI 'http://localhost:51696/project/1'.","MessageDetail":"No action was found on the controller
'Project' that matches the request."* Connection #0 to host localhost left intact
2。没有 Origin 标头的 CurRL 请求返回 200 OK:
$ curl -v -H "Access-Control-Request-Method: DELETE" -X OPTIONS \
http://localhost:51696/project/1
* Adding handle: conn: 0x1d63238
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x1d63238) send_pipe: 1, recv_pipe: 0
* About to connect() to localhost port 51696 (#0)
* Trying ::1...
* Connected to localhost (::1) port 51696 (#0)
> OPTIONS /project/1 HTTP/1.1
> User-Agent: curl/7.30.0
> Host: localhost:51696
> Accept: */*
> Access-Control-Request-Method: DELETE
>
< HTTP/1.1 200 OK
< Cache-Control: no-cache
< Pragma: no-cache
< Expires: -1
* Server Microsoft-IIS/8.0 is not blacklisted
< Server: Microsoft-IIS/8.0
< X-AspNet-Version: 4.0.30319
< X-SourceFiles: =?UTF-8?B?YzpccHJvamVjdHNcYW5hbHl0aWNzXENvbVNlcnZpY2VcQ29tU2VydmljZVxwcm9qZWN0XDE=?=
< X-Powered-By: ASP.NET
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Methods: GET, OPTIONS, PUT, POST, DELETE, HEAD
< Access-Control-Allow-Headers: Accept, Authorization, Origin, Content-Type, X-Requested-With, X-360i-Authorization
< Access-Control-Expose-Headers: Accept, Origin, Content-Type, X-Requested-With, X-360i-Authorization
< Date: Mon, 19 May 2014 16:29:03 GMT
< Content-Length: 0
<
* Connection #0 to host localhost left intact
【问题讨论】:
【参考方案1】:我对这一切都很陌生,所以您可能已经想到了以下内容,但是由于您的问题并不清楚,我想我会提一下。
您是如何启用 CORS 的?您可以按控制器、按操作或全局执行此操作。查看您问题中的控制器代码,我看不到您的控制器的任何 [EnableCors(...)] 属性或任何操作,所以也许您在全球范围内这样做了?如果是这样,您是否使用了EnableCorsAttribute 实例:
var cors = new EnableCorsAttribute("www.example.com", "*", "*");
config.EnableCors(cors);
或者你刚刚做了:
config.EnableCors();
哪个还不够?
【讨论】:
最初,我通过调用 EnableCors() 来启用 cors。我可以通过传入 EnableCorsAttribute 实例来解决问题: EnableCorsAttribute("","","") 并从 web.xml 中删除 Access-Control- 标头。配置【参考方案2】:像这样启用 CORS 后它可以工作:
var cors = new EnableCorsAttribute("*", "*", "*");
config.EnableCors(cors);
并注释了 web.config 中的大部分 Access-Control-* 标头:
<system.webServer>
<httpProtocol>
<customHeaders>
<!-- enable CorsAttribute explicitly in WebApiConfig.cs
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Methods" value="GET, HEAD, POST, PUT, DELETE, OPTIONS" />
<add name="Access-Control-Allow-Headers" value="Accept, Content-Type, Origin, Authorization, X-Requested-With, X-360i-Authorization" />
-->
<add name="Access-Control-Expose-Headers" value="Accept, Origin, Content-Type, X-Requested-With, X-360i-Authorization" />
</customHeaders>
</httpProtocol>
【讨论】:
以上是关于为啥使用 Origin 标头时找不到路由的主要内容,如果未能解决你的问题,请参考以下文章
尝试安装 pg gem 时找不到'libpq-fe.h 标头
Invoke-RestMethod:发送到标头时找不到请求的身份验证数据