Why did the DELETE response have no CORS header in the WebDAV server?

Updated: 2023-09-26

I want to implement CORS for WebDAV.

My machine has a WebDAV server whose IP address is 192.168.7.88. I test CORS from the IP 127.0.0.1.

My Web Server config (httpd-dav.conf):

 DavLockDB "/opt/apache/var/DavLock"
 Alias /webdav "/webdav"
 <Location /webdav>
     DAV On
     Header set Access-Control-Allow-Origin "http://127.0.0.1"
     Header set Access-Control-Allow-Credentials "true"
     Header set Access-Control-Allow-Methods "COPY, DELETE, GET, HEAD, MKCOL, OPTIONS, POST, PROPFIND, PUT"
     Header set Access-Control-Allow-Headers "Overwrite, Destination, Content-Type, Depth,  Range, Content-Range, Cache-Control"
     Header set Access-Control-Expose-Headers "DAV, content-length, Allow"
     Header set Access-Control-Max-Age "36000"
     AuthType Basic
     AuthName "webdav"
     <Limit  COPY, DELETE, GET, HEAD, LOCK, MKCALENDAR, MKCOL, MOVE, OPTIONS, POST, PROPFIND, PROPPATCH, PUT, REPORT, SEARCH, UNCHECKOUT, UNLOCK>
         Order allow,deny
         Allow from all
         # IP address you allow
         Require valid-user
     </Limit>
 </Location>
 #
 # The following directives disable redirects on non-GET requests for
 # a directory that does not include the trailing slash.  This fixes a 
 # problem with several clients that do not appropriately handle 
 # redirects for folders with DAV methods.
 #
 BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
 BrowserMatch "MS FrontPage" redirect-carefully
 BrowserMatch "^WebDrive" redirect-carefully
 BrowserMatch "^WebDAVFS/1.[01234]" redirect-carefully
 BrowserMatch "^gnome-vfs/1.0" redirect-carefully
 BrowserMatch "^XML Spy" redirect-carefully
 BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
 BrowserMatch " Konqueror/4" redirect-carefully

Request headers - OPTIONS:

Accept          text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding gzip, deflate
Accept-Language zh-cn,en-us;q=0.7,en;q=0.3
Access-Control-Request-Me...    DELETE
Connection  keep-alive
Host        192.168.7.88
Origin      http://127.0.0.1
User-Agent  Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:34.0) Gecko/20100101 Firefox/34.0 FirePHP/0.7.4
x-insight   activate

Response headers - OPTIONS (status = 200 OK):

Access-Control-Allow-Cred...    true
Access-Control-Allow-Head...    Overwrite, Destination, Content-Type, Depth, Range, Content-Range, Cache-Control
Access-Control-Allow-Meth...    COPY, DELETE, GET, HEAD, MKCOL, OPTIONS, POST, PROPFIND, PUT
Access-Control-Allow-Orig... http://127.0.0.1
Access-Control-Expose-Hea... DAV, content-length, Allow
Access-Control-Max-Age       36000
Access-Control-Request-He... Origin, Content-Type
Allow   OPTIONS,GET,HEAD,POST,DELETE,TRACE,PROPFIND,PROPPATCH,COPY,MOVE,PUT,LOCK,UNLOCK
Connection      Keep-Alive
Content-Length  0
Content-Type    text/plain
DAV             1,2, <http://apache.org/dav/propset/fs/1>
Date            Tue, 30 Dec 2014 03:25:53 GMT
Keep-Alive      timeout=5, max=99
MS-Author-Via   DAV
Server          Apache/2.4.10 (Unix) PHP/5.5.15

Request headers - DELETE:

Accept           text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding  gzip, deflate
Accept-Language  zh-cn,en-us;q=0.7,en;q=0.3
Connection  keep-alive
Host        192.168.7.88
Origin      http://127.0.0.1
Referer     http://127.0.0.1/webdavtest
User-Agent  Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:34.0) Gecko/20100101 Firefox/34.0 FirePHP/0.7.4
x-insight   activate

Response headers - DELETE (status = 204 No Content):

Connection      Keep-Alive
Content-Length  0
Content-Type    text/plain
Date            Tue, 30 Dec 2014 01:26:31 GMT
Keep-Alive      timeout=5, max=98
Server          Apache/2.4.10 (Unix) PHP/5.5.15

But Firefox says:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://192.168.7.88/webdav/b.txt. 
This can be fixed by moving the resource to the same domain or enabling CORS.

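I know the DELETE response has no CORS headers, which is why Firefox says this.

Why does the DELETE response have no CORS headers?

This is a known limitation of Apache implementing RFC 2616.

This is more or less the same issue as the one described in this question.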
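
The browser-side check that produces the Firefox message, run over the two responses captured in the question. This is an added example, not part of the original question or answer. The function and variable names are hypothetical, and it assumes the page sends credentials because the config requires Basic auth.

```javascript
// Header values copied from the dumps in the question (constructed sample);
// full header names are taken from the httpd-dav.conf shown there.
const ORIGIN = "http://127.0.0.1";
const preflightResponse = {
  status: 200,
  headers: {
    "access-control-allow-origin": "http://127.0.0.1",
    "access-control-allow-credentials": "true",
    "access-control-allow-methods":
      "COPY, DELETE, GET, HEAD, MKCOL, OPTIONS, POST, PROPFIND, PUT",
  },
};
const deleteResponse = {
  status: 204,
  headers: { "content-length": "0", "content-type": "text/plain" },
};

// CORS check from the Fetch standard; the browser runs it on the preflight
// response AND on the actual response, so both must carry the headers.
function corsCheck(origin, response, withCredentials) {
  const allowed = response.headers["access-control-allow-origin"];
  if (allowed === undefined) return "blocked: no Access-Control-Allow-Origin";
  if (!withCredentials && allowed === "*") return "ok";
  if (allowed !== origin) return "blocked: origin mismatch";
  if (!withCredentials) return "ok";
  return response.headers["access-control-allow-credentials"] === "true"
    ? "ok"
    : "blocked: credentials not allowed";
}

// Preflight only: the response must be 2xx and list the requested method.
function preflightAllows(method, response) {
  if (response.status < 200 || response.status > 299) return false;
  const listed = (response.headers["access-control-allow-methods"] || "")
    .split(",")
    .map((m) => m.trim());
  return listed.includes(method);
}

// Assumption: the page sends credentials (the config requires Basic auth).
function evaluate(withCredentials = true) {
  return {
    preflight: corsCheck(ORIGIN, preflightResponse, withCredentials),
    methodAllowed: preflightAllows("DELETE", preflightResponse),
    actualDelete: corsCheck(ORIGIN, deleteResponse, withCredentials),
  };
}

console.log(evaluate());
```

The preflight passes and DELETE is listed, but the 204 response fails the same check, so the script is denied access to the result even though the server has already carried out the DELETE.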