我有一个访问.NET WebAPI服务器端的AngularJS Web应用程序.身份验证通过AngularJS-OAuth2库实现.我将应用程序和WebAPI托管在localhost下的两个不同的端口号下.我还在服务器端启用了Microsoft.Owin.Cors包来处理跨域请求.

在Chrome中,GET和POST请求将数据返回到前端.通过Fiddler检查流量,我可以看到在请求和响应中发送了一对请求/响应(预检/ OPTIONS实际)以及相关的CORS头(包括origin和Access-Control- *头).一切如预期.

但是,在Internet Explorer中,我的GET请求通过$http服务返回数据,但POST没有.我可以检查没有预检请求或CORS标头(我认为IE将不同的端口视为相同的来源).在通过Fiddler检查IE中的POST请求/响应时,我可以观察到它返回HTTP状态200但是Aborted状态(设置了X-ABORTED-WHEN：SendingResponse标志).我还可以使用返回的正确数据检查JSON响应.

我也试过设置一个高超时无济于事. $http调用如下所示：

        return $http.post(apiUrl + "/search", service.getParameters(), { timeout: 600000 })
        .success(function (data) {...

Fiddler为IE POST请求显示如下内容：

此外(仅)在IE中,与此POST操作相同的按钮单击也会触发无意的页面刷新.

为什么当正确的数据也返回给客户端并且Chrome根本没有任何问题时,Internet Explorer只会中止POST请求？

附加信息

请求：

POST https://localhost:44321/api//search HTTP/1.1
Content-Type: application/json;charset=utf-8
Accept: application/json, text/plain, */*
Authorization: Bearer <token>
Referer: https://localhost:44322/search
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: localhost:44321
Content-Length: 202
DNT: 1
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: .ASPXANONYMOUS=<cookie>

的回复：

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-SourceFiles: <file>
X-Powered-By: ASP.NET
Date: Wed, 10 Feb 2016 13:43:45 GMT
Content-Length: 2284

Fiddler会话属性：

SESSION STATE: Aborted.
Request Entity Size: 202 bytes.
Response Entity Size: 2284 bytes.

== FLAGS ==================
BitFlags: [IsHTTPS, ClientPipeReused, ServerPipeReused] 0x19
X-ABORTED-WHEN: SendingResponse
X-CLIENTIP: 127.0.0.1
X-CLIENTPORT: 41889
X-EGRESSPORT: 41890
X-HOSTIP: ::1
X-PROCESSINFO: avp:3584
X-RESPONSEBODYTRANSFERLENGTH: 2,284
X-SERVERSOCKET: REUSE ServerPipe#168

== TIMING INFO ============
ClientConnected:    19:13:42.408
ClientBeginRequest: 19:13:42.444
GotRequestHeaders:  19:13:42.444
ClientDoneRequest:  19:13:42.772
Determine Gateway:  0ms
DNS Lookup:         0ms
TCP/IP Connect: 0ms
HTTPS Handshake:    0ms
ServerConnected:    19:13:42.413
FiddlerBeginRequest:    19:13:42.772
ServerGotRequest:   19:13:42.772
ServerBeginResponse:    19:13:45.360
GotResponseHeaders: 19:13:45.360
ServerDoneResponse: 19:13:45.360
ClientBeginResponse:    19:13:45.360
ClientDoneResponse: 19:13:45.360

    Overall Elapsed:    0:00:02.915

The response was buffered before delivery to the client.

== WININET CACHE INFO ============
This URL is not present in the WinINET cache. [Code: 2]
* Note: Data above shows WinINET's current cache state, not the state at the time of the request.
* Note: Data above shows WinINET's Medium Integrity (non-Protected Mode) cache only.

最佳答案 我相信你会被IE的
P3P policy requirement咬伤：

Internet Explorer supports a cookie-restricting privacy feature called P3P. Web developers often get tripped up by it because no other browser implements the P3P standard.

它似乎与那些QAs类似：

> CORS request with IE11
> CORS doesn’t work with cookies in IE10
> Internet Explorer 10 is ignoring XMLHttpRequest ‘xhr.withCredentials = true’

Here’s a blog post举例说明如何发送P3P信息.这是关于P3P配置的document from Microsoft