凭据错误的 ServiceStack V4 Basic Auth + CORS
ServiceStack V4 Basic Auth with wrong credentials + CORS
我正在尝试为 ServiceStack V4 项目启用 CORS。我的插件配置如下:
Plugins.Add(new CorsFeature(allowedHeaders:"Content-Type, Authorization"));
我也使用 HTTP basic auth 进行身份验证:
Plugins.Add(new AuthFeature(() => new AuthUserSession(),
new IAuthProvider[]
{
new BasicAuthProvider(), //Sign-in with Basic Auth
new CredentialsAuthProvider(), //HTML Form post of UserName/Password credentials
}));
编辑
HTTP 请求(我使用基本身份验证发送无效凭据)
GET http://localhost:1337/channel/channel1/history HTTP/1.1
User-Agent: Fiddler
Origin: http://google.com
Host: localhost:1337
Authorization: Basic dXNlcjE6aW52YWxpZHBhc3M=
HTTP 响应(无 CORS headers)
HTTP/1.1 401 Unauthorized
Cache-Control: private
Content-Type: application/json; charset=utf-8
Server: Microsoft-IIS/8.0
X-AspNet-Version: 4.0.30319
Set-Cookie: ss-id=5JzRkMjA1eCcFhANnsWL; path=/; HttpOnly
Set-Cookie: ss-pid=UM738YinHoIl9hgQBf9o; expires=Sun, 20-May-2035 07:36:00 GMT; path=/; HttpOnly
X-SourceFiles: =?UTF-8?B?RDpcUHJvamVjdHNcV29ya1xPdmFsYXlcT3ZhbGF5XGNoYW5uZWxcY2hhbm5lbDFcaGlzdG9yeQ==?=
X-Powered-By: ASP.NET
Date: Wed, 20 May 2015 07:36:00 GMT
Content-Length: 1454
{<json body with error message goes here>}
一切正常,直到 我尝试从客户端发送无效的用户凭据。在这种情况下,CORS headers 被省略,浏览器无法访问响应消息。 我是否遗漏了一些配置细节?
我能够在 AppHost 中使用以下配置解决此问题:
UncaughtExceptionHandlers.Add((req, res, name, exception) =>
{
//this is needed for inclusion of CORS headers in http error responses
//(for example when invalid user credentials passed)
res.ApplyGlobalResponseHeaders();
});
我正在尝试为 ServiceStack V4 项目启用 CORS。我的插件配置如下:
Plugins.Add(new CorsFeature(allowedHeaders:"Content-Type, Authorization"));
我也使用 HTTP basic auth 进行身份验证:
Plugins.Add(new AuthFeature(() => new AuthUserSession(),
new IAuthProvider[]
{
new BasicAuthProvider(), //Sign-in with Basic Auth
new CredentialsAuthProvider(), //HTML Form post of UserName/Password credentials
}));
编辑
HTTP 请求(我使用基本身份验证发送无效凭据)
GET http://localhost:1337/channel/channel1/history HTTP/1.1
User-Agent: Fiddler
Origin: http://google.com
Host: localhost:1337
Authorization: Basic dXNlcjE6aW52YWxpZHBhc3M=
HTTP 响应(无 CORS headers)
HTTP/1.1 401 Unauthorized
Cache-Control: private
Content-Type: application/json; charset=utf-8
Server: Microsoft-IIS/8.0
X-AspNet-Version: 4.0.30319
Set-Cookie: ss-id=5JzRkMjA1eCcFhANnsWL; path=/; HttpOnly
Set-Cookie: ss-pid=UM738YinHoIl9hgQBf9o; expires=Sun, 20-May-2035 07:36:00 GMT; path=/; HttpOnly
X-SourceFiles: =?UTF-8?B?RDpcUHJvamVjdHNcV29ya1xPdmFsYXlcT3ZhbGF5XGNoYW5uZWxcY2hhbm5lbDFcaGlzdG9yeQ==?=
X-Powered-By: ASP.NET
Date: Wed, 20 May 2015 07:36:00 GMT
Content-Length: 1454
{<json body with error message goes here>}
一切正常,直到 我尝试从客户端发送无效的用户凭据。在这种情况下,CORS headers 被省略,浏览器无法访问响应消息。 我是否遗漏了一些配置细节?
我能够在 AppHost 中使用以下配置解决此问题:
UncaughtExceptionHandlers.Add((req, res, name, exception) =>
{
//this is needed for inclusion of CORS headers in http error responses
//(for example when invalid user credentials passed)
res.ApplyGlobalResponseHeaders();
});