javascript 使用 jQuery 和 Tornado 进行跨域资源共享 (CORS)
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/11463688/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
cross-origin resource sharing (CORS) with jQuery and Tornado
提问by kradeki
Let's say, I have a Tornado web server (localhost) and a web page (othermachine.com), and the latter contains javascript that needs to make cross-domain ajax calls to the Tornado server.
比方说,我有一个 Tornado Web 服务器 (localhost) 和一个网页 (othermachine.com),后者包含需要对 Tornado 服务器进行跨域 ajax 调用的 javascript。
So I set up my Tornado as such:
所以我设置了我的 Tornado:
class BaseHandler(tornado.web.RequestHandler):
def set_default_headers(self):
self.set_header("Access-Control-Allow-Origin", "http://www.othermachine.com")
self.set_header("Access-Control-Allow-Credentials", "true")
self.set_header("Access-Control-Allow-Methods", "GET,PUT,POST,DELETE,OPTIONS")
self.set_header("Access-Control-Allow-Headers",
"Content-Type, Depth, User-Agent, X-File-Size, X-Requested-With, X-Requested-By, If-Modified-Since, X-File-Name, Cache-Control")
And my javascript makes a jQuery call:
我的 javascript 进行了 jQuery 调用:
$.ajax({
type: 'GET',
url: "http://localhost:8899/load/space",
data: { src: "dH8b" },
success: function(resp){
console.log("ajax response: "+resp);
},
dataType: 'json',
beforeSend: function ( xhr ) {
xhr.setRequestHeader('Content-Type', 'text/plain');
xhr.setRequestHeader('Access-Control-Request-Method', 'GET');
xhr.setRequestHeader('Access-Control-Request-Headers', 'X-Requested-With');
xhr.withCredentials = true;
}
});
But I get the lovely XMLHttpRequest cannot load http://localhost:8899/load/space?src=dH8b. Origin http://www.othermachine.com is not allowed by Access-Control-Allow-Originerror. I can't tell which side of jQuery / Tornado (or both?) am I not setting up correctly.
但我得到了可爱的XMLHttpRequest cannot load http://localhost:8899/load/space?src=dH8b. Origin http://www.othermachine.com is not allowed by Access-Control-Allow-Origin错误。我不知道 jQuery/Tornado(或两者?)的哪一边我没有正确设置。
According to dev tools, these are the headers the jQuery request is sending:
根据开发工具,这些是 jQuery 请求发送的标头:
Request Headers
请求头
Accept:*/*
Origin:http://www.othermachine.com
Referer:http://www.othermachine.com/athletes.html?src=BCYQ&msgid=6xjb
User-Agent:Mozilla/5.0 ...
If I simply make a request from my browser's url field I get a '200 OK' with this:
如果我只是从浏览器的 url 字段发出请求,我会得到一个“200 OK”:
Response Headers
响应头
Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:Content-Type, User-Agent, X-Requested-With, X-Requested-By, Cache-Control
Access-Control-Allow-Methods:GET,POST
Access-Control-Allow-Origin:http://www.othermachine.com
Content-Length:0
Content-Type:text/html; charset=UTF-8
Server:TornadoServer/2.2.1
Does that mean Tornado is doing its job? I tried to follow the advice of all the stackoverflow CORS+jQuery posts (e.g. this), to no avail. CORS in concept seems simple enough, but maybe I am fundamentally misunderstanding what is supposed to happen in a CORS transaction... please help! Thanks in advance.
这是否意味着 Tornado 正在发挥作用?我试图遵循所有 stackoverflow CORS+jQuery 帖子(例如this)的建议,但无济于事。概念上的 CORS 似乎很简单,但也许我从根本上误解了 CORS 事务中应该发生的事情......请帮忙!提前致谢。
采纳答案by kradeki
Nevermind, coding too late and too long causes one to trip over things the size of typos. For the record, this is all you need for jQuery:
没关系,编码太晚和太长会导致人们被错别字大小的事情绊倒。作为记录,这就是您对 jQuery 所需要的全部内容:
var data = { msgid: "dH8b" },
url = "http://localhost:8899/load" + '?' + $.param(data);
$.getJSON( url, function(resp){
console.log("ajax response: "+resp+" json="+JSON.stringify(resp));
});
And this is all you need for Tornado:
这就是 Tornado 所需的全部内容:
class BaseHandler(tornado.web.RequestHandler):
def set_default_headers(self):
self.set_header("Access-Control-Allow-Origin", "http://www.othermachine.com")
Using jQuery 1.7.2, Tornado 2.2.1.
使用 jQuery 1.7.2,龙卷风 2.2.1。
回答by fengd
try setting origin to be: othermachine.com. it should be a domain name, not a website address
尝试将 origin 设置为:othermachine.com。它应该是一个域名,而不是一个网站地址
