为什么删除响应在 webdav 服务器中没有 cors 标头
Why did the delete response have no cors header in the webdav server?
我想实现关于webdav的CORS。
我的机器有一个webdav服务器,ip地址是192.168.7.88。我用 127.0.0.1 的 ip 测试 CORS。
My Web Server config (httpd-dav.conf):
DavLockDB "/opt/apache/var/DavLock"
Alias /webdav "/webdav"
<Location /webdav>
DAV On
Header set Access-Control-Allow-Origin "http://127.0.0.1"
Header set Access-Control-Allow-Credentials "true"
Header set Access-Control-Allow-Methods "COPY, DELETE, GET, HEAD, MKCOL, OPTIONS, POST, PROPFIND, PUT"
Header set Access-Control-Allow-Headers "Overwrite, Destination, Content-Type, Depth, Range, Content-Range, Cache-Control"
Header set Access-Control-Expose-Headers "DAV, content-length, Allow"
Header set Access-Control-Max-Age "36000"
AuthType Basic
AuthName "webdav"
<Limit COPY, DELETE, GET, HEAD, LOCK, MKCALENDAR, MKCOL, MOVE, OPTIONS, POST, PROPFIND, PROPPATCH, PUT, REPORT, SEARCH, UNCHECKOUT, UNLOCK>
Order allow,deny
Allow from all
# IP address you allow
Require valid-user
</Limit>
</Location>
#
# The following directives disable redirects on non-GET requests for
# a directory that does not include the trailing slash. This fixes a
# problem with several clients that do not appropriately handle
# redirects for folders with DAV methods.
#
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "MS FrontPage" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[01234]" redirect-carefully
BrowserMatch "^gnome-vfs/1.0" redirect-carefully
BrowserMatch "^XML Spy" redirect-carefully
BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
BrowserMatch " Konqueror/4" redirect-carefully
请求标头 - 选项:
Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding gzip, deflate
Accept-Language zh-cn,en-us;q=0.7,en;q=0.3
Access-Control-Request-Me... DELETE
Connection keep-alive
Host 192.168.7.88
Origin http://127.0.0.1
User-Agent Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:34.0) Gecko/20100101 Firefox/34.0 FirePHP/0.7.4
x-insight activate
响应标头 - 选项(状态 = 200 正常):
Access-Control-Allow-Cred... true
Access-Control-Allow-Head... Overwrite, Destination, Content-Type, Depth, Range, Content-Range, Cache-Control
Access-Control-Allow-Meth... COPY, DELETE, GET, HEAD, MKCOL, OPTIONS, POST, PROPFIND, PUT
Access-Control-Allow-Orig... http://127.0.0.1
Access-Control-Expose-Hea... DAV, content-length, Allow
Access-Control-Max-Age 36000
Access-Control-Request-He... Origin, Content-Type
Allow OPTIONS,GET,HEAD,POST,DELETE,TRACE,PROPFIND,PROPPATCH,COPY,MOVE,PUT,LOCK,UNLOCK
Connection Keep-Alive
Content-Length 0
Content-Type text/plain
DAV 1,2, <http://apache.org/dav/propset/fs/1>
Date Tue, 30 Dec 2014 03:25:53 GMT
Keep-Alive timeout=5, max=99
MS-Author-Via DAV
Server Apache/2.4.10 (Unix) PHP/5.5.15
请求标头 - 删除:
Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding gzip, deflate
Accept-Language zh-cn,en-us;q=0.7,en;q=0.3
Connection keep-alive
Host 192.168.7.88
Origin http://127.0.0.1
Referer http://127.0.0.1/webdavtest
User-Agent Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:34.0) Gecko/20100101 Firefox/34.0 FirePHP/0.7.4
x-insight activate
响应标头 - 删除:(状态 = 204 无内容)
Connection Keep-Alive
Content-Length 0
Content-Type text/plain
Date Tue, 30 Dec 2014 01:26:31 GMT
Keep-Alive timeout=5, max=98
Server Apache/2.4.10 (Unix) PHP/5.5.15
但火狐说:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://192.168.7.88/webdav/b.txt.
This can be fixed by moving the resource to the same domain or enabling CORS.
我知道删除响应没有 cors 标头,所以火狐说了这些。
为什么删除响应没有 cors 标头?
这是实现 RFC 2616 的 Apache 的已知限制。
这或多或少与本问题中描述的问题相同。
相关文章:
- Elasticsearch https cors已启用,但仍获得No'访问控制允许来源'标头存在于请求的
- CORS标头'缺少访问控制允许原点
- 具有WWW-Authenticate标头的同源CORS
- IE没有't请参阅CORS标头作为响应
- CORS标头'访问控制允许来源'失踪的科多瓦
- 授权标头仅在 AJAX CORS 请求中追加一次
- 简单请求中的 Cors 错误:请求标头字段 预检响应中的访问控制-允许-标头不允许授权
- CORS 标头“访问控制允许源”丢失,但它存在于标头中
- 为什么删除响应在 webdav 服务器中没有 cors 标头
- 旧系统的 CORS 问题 - 没有“访问控制允许源”标头
- 执行预检请求时是否需要访问控制允许源 CORS 标头
- 为什么我需要 CORS 标头来请求可下载的链接
- CORS标头包含信息,但Angular js$http.get不起作用
- 跨来源请求被阻止:(原因:缺少CORS标头'访问控制允许来源')
- 设置CORS标头在Chrome, Firefox或移动浏览器中不起作用
- CORS标头在MEAN堆栈应用程序中不工作
- 快速启用CORs标头仍然会导致错误
- 在浏览器中删除状态码>= 400的CORS标头
- AngularJS:不能发送带有适当CORS标头的POST请求
- CORS标头未设置-我可以请求一个图像url,然后将其发送回自己吗