Express / NodeJS上的CORS问题,在Internet Explorer中不可用的服务

我有一个基于REST的服务写在Express / NodeJS上。 我已经编写了CORS(跨源资源共享)实现代码。 和服务可以从浏览器,如铬,Firefox等消耗..但不是从Internet Explorer,(我使用IE9,我检查了IE浏览器IE-10,CORS错误信息仍然存在于控制台中)

CODE FROM routes.js节点服务器端的文件

var config = require('./config.js'); exports.setup = function (params) { var controllers = params.controllers; var app = params.app; // CORS (Cross Origin Resource Sharing) Implementation app.all('/*', function(req, res, next) { res.header("Access-Control-Allow-Credentials", config.responseSettings.AccessControlAllowCredentials); res.header("Access-Control-Allow-Origin", (req.headers.origin) ? req.headers.origin : config.responseSettings.AccessControlAllowOrigin); res.header("Access-Control-Allow-Headers", (req.headers['access-control-request-headers']) ? req.headers['access-control-request-headers'] : "x-requested-with"); res.header("Access-Control-Allow-Methods", (req.headers['access-control-request-method']) ? req.headers['access-control-request-method'] : config.responseSettings.AccessControlAllowMethods); next(); }); app.get('/', function(req, res) { res.render('index', { title: 'Welcome }) }); function auth(req, res, next) { if (req.session.UserId || (req.query.apikey && config.apikeys.indexOf(req.query.apikey) > -1)) { next(); } else { res.send(401); } } app.get('/Session/:id?', controllers.SessionController.getSession); app.post('/Session', controllers.SessionController.createSession); app.del('/Session/:id', controllers.SessionController.deleteSession); ... } 

以下是config.jf文件的代码

 module.exports = { "db": { "mongodb": "mongodb://admin:XYX123@localhost/xyx", "username": "abc", "password": "abc123", "database": "abcdb", "server": "localhost" }, "cookiesecret": "TWFuIGlzIGRpc3Rpbmd1aXNoZWQsIG5vdCBvbmx5IGJ5IGhpcyByZWFzb24sIGJ1dCBieSB0aGlz", "responseSettings": { "AccessControlAllowOrigin": "*", "AccessControlAllowHeaders": "X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version", "AccessControlAllowMethods": "POST,GET,PUT,DELETE", "AccessControlAllowCredentials": true }, "apikeys": ['587c57365b54e8283fd6b1ac24acf29d', '4de04266bdd87410de698cfc33c55d68', '232c0252cee5e97148636ee2efd6ee94'], //only 1 is used now }; 

这是我的server.js(app.js)文件//configuration

 app.configure(function () { app.set('views', __dirname + '/views'); app.set('view engine', 'jade'); app.use(express.bodyParser()); app.use(express.methodOverride()); app.use(express.cookieParser()); app.use(express.session({ // to set a time here only for session expire secret: config.cookiesecret, store: new MongoStore({ db: config.db.database, host: config.db.server, username: config.db.username, password: config.db.password }) })); app.use(app.router); app.use(express.static(__dirname + '/public')); }); app.configure('development', function () { app.use(express.errorHandler({ dumpExceptions: true, showStack: true })); }); app.configure('production', function () { app.use(express.errorHandler()); }); // Routes routes.setup({ 'controllers': controllers, 'app': app }); app.listen(process.env.port || 3000); console.log("Express server listening on port %d in %s mode", app.address().port, app.settings.env); 

这些服务不能从IE获得。 这是我在这个堆栈中的第一个应用程序,我的理解是有限的,请提出一个解决scheme。

客户端在Backbonejs中完成:这是客户端的代码

 define([ 'config', 'jquery', 'underscore', 'backbone' ], function (config, $, _, Backbone) { var SessionModel = Backbone.Model.extend({ urlRoot: config.BaseUrl + '/Session', initialize: function () { var that = this; $.ajaxPrefilter(function (options, originalOptions, jqXHR) { options.xhrFields = { withCredentials: true }; }) }, login: function (creds, callback) { // Do a POST to /session and send the serialized form creds this.save(creds, { success: callback }); }, logout: function (callback) { // Do a DELETE to /session and clear the clientside data var that = this; this.destroy({ success: function (model, resp) { model.clear() model.id = null; // Set auth to false to trigger a change:auth event // The server also returns a new csrf token so that // the user can relogin without refreshing the page that.set({ auth: false }); callback(); } }); }, getAuth: function (callback) { // getAuth is wrapped around our router // before we start any routers let us see if the user is valid this.fetch({ //success: callback success: function (req, res) { //alert("success"); callback(); }, error: function (err) { //alert("error"); callback(); } }); } }); return new SessionModel; }); 

“getAuth”是首先运行的函数,它警告 – 成功,而在Chrome和Firefox上运行,但从IE提醒错误

正如比尔所评论的,IE使用XDR。 您正在寻找的解决scheme在这里: https : //github.com/jaubourg/ajaxHooks/blob/master/src/xdr.js

基本上我有一个最初的JS文件(jQuery加载后)的代码,这将做的伎俩。