CORS 预检请求返回 HTTP 405

问题描述

我正在尝试创建一个 RESTful Web 服务，但在实现 PUT 请求时遇到了困难.我已尝试关注此网站上的其他答案以及 Mozilla 的各种文章，但未能成功.

I am trying to create a RESTful web service and have gotten stuck on implementing PUT requests. I have tried and failed to follow other answers on this site and various articles from Mozilla.

请求是从域 wwwtest.dev-box 生成的，它会发送到 test.dev-box (基本上是一个前端应用程序调用后端应用程序).以下是我从 Live HTTP 标头中捕获的标头:

The request is generated from the domain wwwtest.dev-box and it's going to test.dev-box (basically a front-end app calling the back-end app). Here are the headers I have captured from Live HTTP headers:

http://test.dev-box/resource/v1/data/user/1

OPTIONS /resource/v1/data/user/1 HTTP/1.1
Host: test.dev-box
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://wwwtest.dev-box
Access-Control-Request-Method: PUT
Connection: keep-alive

HTTP/1.1 405 Method Not Allowed
Date: Wed, 16 Oct 2013 16:15:58 GMT
Server: Apache/2.2.15 (Red Hat)
x-powered-by: PHP/5.3.27
Access-Control-Allow-Origin: http://wwwtest.dev-box
Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS
Access-Control-Max-Age: 1728000
Content-Length: 0
Allow: PUT
Cache-Control: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8

我正在使用一个框架，因此所有内容都被路由到 web.php，它在页面顶部包含以下代码(取自 这篇 MDN 文章):

I'm using a framework so everything is routed to web.php, which contains the following code at the top of the page (taken from this MDN article):

if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
    header('Access-Control-Allow-Origin: http://wwwtest.dev-box');
    header('Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS');
    header('Access-Control-Max-Age: 1728000');
    header("Content-Length: 0");
    header("Content-Type: text/plain");
} else {
    header("HTTP/1.1 403 Access Forbidden");
    header("Content-Type: text/plain");
}

在我的代码发出 PUT 请求之前，它首先发送 CORS 预检 OPTIONS 请求(从上面的捕获中可以看到).必要的标头应附加到响应中，并告诉请求者允许 PUT.不幸的是，正如您从上面的响应标头中看到的那样，即使 PUT 在响应 access-control-allow-methods 中，它仍然返回 405 Method Not Allowed.

Before my code makes the PUT request it sends the CORS preflight OPTIONS request first (as you can see from the capture above). The necessary headers should be attached to the response and tell the requester that PUT is allowed. Unfortunately as you can see from the response headers above it is still returning 405 Method Not Allowed even though PUT is in the response access-control-allow-methods.

这是我正在使用的框架 (Silex) 的 .htaccess 文件:

This is the .htaccess file for the framework I'm using (Silex):

<IfModule mod_rewrite.c>
    Options -MultiViews

    RewriteEngine On
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^ web.php [QSA,L]
</IfModule>

推荐答案

我发现答案是 Apache 和框架配置之间的交叉.

I've found the answer to be a cross between Apache and framework configuration.

1. 对于 Apache 配置，您可以将以下内容放入您的 VirtualHost 指令中，或放入所请求域的 .htaccess 文件中(如果在 .htaccess 中，请记住使用 IfModule mod_headers.c 标签封装).在 mod_rewrite 重定向到的页面上设置标题不起作用:

1. For the Apache config you can either put the following into your VirtualHost directive, or in the .htaccess file of the requested domain (if it's in the .htaccess remember to encapsulate with IfModule mod_headers.c tags). Setting the headers on the page that mod_rewrite redirects to does not work:

标头集 Access-Control-Allow-Origin "http://wwwtest.dev-box"

Header set Access-Control-Allow-Origin "http://wwwtest.dev-box"

标头集 Access-Control-Allow-Methods "GET,POST,HEAD,DELETE,PUT,OPTIONS"

Header set Access-Control-Allow-Methods "GET,POST,HEAD,DELETE,PUT,OPTIONS"

对于 Silex 配置，将以下内容放入您的应用程序路由中.它基本上为它收到的任何 OPTIONS 请求发送 HTTP 200 OK.Silex Google Group 上的代码:

For the Silex config, place the following into your application routes. It basically sends an HTTP 200 OK for any OPTIONS request it receives. Code found on the Silex Google Group:

$app->match("{url}", function($url) 使用 ($app) {返回确定"；})->assert('url', '.*')->method("OPTIONS");

$app->match("{url}", function($url) use ($app) { return "OK"; })->assert('url', '.*')->method("OPTIONS");

需要完成这两个步骤才能使 RESTful 应用程序正常运行.

Both steps need to be completed for the RESTful application to function properly.

这篇关于CORS 预检请求返回 HTTP 405的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持跟版网！