I've been trying to troubleshoot this for days and I've about given up.
**Working request:**
curl -X "PUT" "; -H "origin: ; -H "accept: application/json" -H "authorization: Bearer eyJddXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxOTg5MDMiLCJhaWQiOiIiLCJleHAiOjEuNzQzNDMyNDM1RTksImlhdCI6MS43MzgyNasdfzIjoiIn0.9lh5WqdFojv3uaDJA4lGwOqNARzyvniuXNB1id0R6KY" -H "content-type: application/json" -H "x-api-client-version: 2" -H "x-api-key: oL8oIPrFLBV5DZqNNNDNDfp6T9v5OEYh7FJuDHy" --data-raw "{\"assignment_status\":\"My Update\"}" -v
**403 request:**
curl -X "PUT" "; -H "origin: ; -H "accept: application/json" -H "authorization: Bearer eyJddXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxOTg5MDMiLCJhaWQiOiIiLCJleHAiOjEuNzQzNDMyNDM1RTksImlhdCI6MS43MzgadsfibGFfaWRzIjoiIn0.9lh5WqdFojv3uaDJA4lGwOqNARzyvniuXNB1id0R6KY" -H "content-type: application/json" -H "x-api-client-version: 2" -H "x-api-key: oL8oIPrFLBV5DZqNNNDNDfp6T9v5OEYh7FJuDHy" --data-raw "{\"assignment_status\":\"My Update\"}" -v
Note: The only difference between these 2 is the 'origin' domain.
NOT working result:
Server Error 403 - Forbidden: Access is denied. You do not have permission to view this directory or page using the credentials that you supplied.
I can't find anything more about the error in logs or anywhere else. I've enabled
CORS is enabled in my web.config file, but even disabling it doesn't seem to make any difference. Here's my CORS entry:

```xml
<cors enabled="true" failUnlistedOrigins="true">
  <add origin="*" allowed="false" />
  <add origin="https://*.exampledomain" allowCredentials="true">
    <allowHeaders allowAllRequestedHeaders="true" />
    <allowMethods>
      <add method="HEAD" />
      <add method="GET" />
      <add method="PUT" />
      <add method="POST" />
      <add method="DELETE" />
      <add method="OPTIONS" />
    </allowMethods>
  </add>
</cors>
```
I'm using the hosts file to point that domain locally, so we can eliminate any outside network issues.
Basic auth is Disabled, anonymous is enabled.
I've enabled Failed Request Logging for 403s, but nothing gets written.
This request is served by ColdFusion. I've made sure all of the permissions are set correctly for IIS user, app pool user etc. on the ISAPI DLL (jakarta/isapi_redirect.dll).
It almost doesn't seem like a CORS issue since it does show the NOT working domain allowed as well as the PUT verb.
Here's the full response when it fails:
[Image: first curl response chunk]
[Image: second curl response chunk]
Sorry, I had to post most of this as an image because Stack Overflow keeps telling me my post is spam. Any guidance is much appreciated.
Here's the warning from the failed request log: [Image: Failed warning]