Javascript Access-Control-Allow-Origin 不允许 Origin null
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/8456538/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Origin null is not allowed by Access-Control-Allow-Origin
提问by dudledok
I have made a small xslt file to create an html output called weather.xsl with code as follows:
我制作了一个小的 xslt 文件来创建一个名为 weather.xsl 的 html 输出,代码如下:
<!-- DWXMLSource="http://weather.yahooapis.com/forecastrss?w=38325&u=c" -->
<xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
exclude-result-prefixes="yweather"
xmlns:yweather="http://xml.weather.yahoo.com/ns/rss/1.0" xmlns:geo="http://www.w3.org/2003/01/geo/wgs84_pos#">
<xsl:output omit-xml-declaration="yes" indent="yes"/>
<xsl:strip-space elements="*"/>
<xsl:template match="/">
<img src="{/*/*/item/yweather:condition/@text}.jpg"/>
</xsl:template>
</xsl:stylesheet>
I want to load in the html output into a div in an html file which I'm trying to do using jQuery as follows:
我想将 html 输出加载到 html 文件中的 div 中,我正在尝试使用 jQuery 执行如下操作:
<div id="result">
<script type="text/javascript">
$('#result').load('weather.xsl');
</script>
</div>
But I am getting the following error: Origin null is not allowed by Access-Control-Allow-Origin.
但是我收到以下错误:Access-Control-Allow-Origin 不允许 Origin null。
I've read about adding a header to the xslt, but I'm not sure how to do that, so any help would be appreciated, and if loading in the html ouput can't be done this way, then advice on how else to do it would be great.
我已经阅读了有关向 xslt 添加标题的内容,但我不确定如何执行此操作,因此将不胜感激,如果无法以这种方式加载 html 输出,请提供有关其他方法的建议这样做会很棒。
回答by T.J. Crowder
Origin nullis the local file system, so that suggests that you're loading the HTML page that does the loadcall via a file:///URL (e.g., just double-clicking it in a local file browser or similar). Different browsers take different approaches to applying the Same Origin Policyto local files.
Originnull是本地文件系统,因此这表明您正在加载load通过file:///URL进行调用的 HTML 页面(例如,只需在本地文件浏览器或类似工具中双击它)。不同的浏览器采用不同的方法将同源策略应用于本地文件。
My guess is that you're seeing this using Chrome. Chrome's rules for applying the SOP to local files are very tight, it disallows even loading files from the same directory as the document. So does Opera. Some other browsers, such as Firefox, allow limited access to local files. But basically, using ajax with local resources isn't going to work cross-browser.
我的猜测是您正在使用 Chrome 看到这一点。Chrome 将 SOP 应用于本地文件的规则非常严格,它甚至不允许从与文档相同的目录加载文件。歌剧也是。其他一些浏览器(例如 Firefox)允许对本地文件进行有限访问。但基本上,将 ajax 与本地资源一起使用不会跨浏览器工作。
If you're just testing something locally that you'll really be deploying to the web, rather than use local files, install a simple web server and test via http://URLs instead. That gives you a much more accurate security picture.
如果您只是在本地测试将真正部署到 Web 的内容,而不是使用本地文件,请安装一个简单的 Web 服务器并通过http://URL 进行测试。这为您提供了更准确的安全图片。
回答by Gokhan Tank
Chrome and Safari has a restriction on using ajax with local resources. That's why it's throwing an error like
Chrome 和 Safari 对本地资源使用 ajax 有限制。这就是为什么它会抛出这样的错误
Origin null is not allowed by Access-Control-Allow-Origin.
Access-Control-Allow-Origin 不允许 Origin null。
Solution:Use firefox or upload your data to a temporary server. If you still want to use Chrome, start it with the below option;
解决方案:使用 firefox 或将您的数据上传到临时服务器。如果您仍想使用 Chrome,请使用以下选项启动它;
--allow-file-access-from-files
More info how to add the above parameter to your Chrome:Right click the Chrome icon on your task bar, right click the Google Chrome on the pop-up window and click properties and add the above parameter inside the Target textbox under Shortcut tab. It will like as below;
有关如何将上述参数添加到 Chrome 的更多信息:右键单击任务栏上的 Chrome 图标,右键单击弹出窗口中的 Google Chrome,然后单击属性并将上述参数添加到快捷方式选项卡下的目标文本框中。它会像下面这样;
C:\Users\XXX_USER\AppData\Local\Google\Chrome\Application\chrome.exe --allow-file-access-from-files
Hope this will help!
希望这会有所帮助!
回答by gozzilli
Just wanted to add that the "run a webserver" answer seems quite daunting, but if you have python on your system (installed by default at least on MacOS and any Linux distribution) it's as easy as:
只是想补充一点,“运行网络服务器”的答案似乎令人生畏,但如果您的系统上有 python(至少在 MacOS 和任何 Linux 发行版上默认安装),它就像:
python -m http.server # with python3
or
或者
python -m SimpleHTTPServer # with python2
So if you have your html file myfile.htmlin a folder, say mydir, all you have to do is:
因此,如果您将 html 文件myfile.html放在一个文件夹中,例如mydir,您所要做的就是:
cd /path/to/mydir
python -m http.server # or the python2 alternative above
Then point your browser to:
然后将浏览器指向:
http://localhost:8000/myfile.html
And you are done! Works on all browsers, without disabling web security, allowing local files, or even restarting the browser with command line options.
你已经完成了!适用于所有浏览器,无需禁用网络安全、允许本地文件,甚至无需使用命令行选项重新启动浏览器。
回答by orberkov
I would like to humbly add that according to this SO source: https://stackoverflow.com/a/14671362/1743693, this kind of trouble is now partiallysolved simply by using the following jQuery instruction:
我想虚心补充一点,根据这个SO来源:https: //stackoverflow.com/a/14671362/1743693,现在只需使用以下jQuery指令即可部分解决这种问题:
<script>
$.support.cors = true;
</script>
I tried it on IE10.0.9200, and it worked immediately(using jquery-1.9.0.js).
我在 IE10.0.9200 上尝试过,它立即起作用(使用 jquery-1.9.0.js)。
On chrome 28.0.1500.95 - this instruction doesn't work (this happens all over as davidcomplains in the comments at the link above)
在 chrome 28.0.1500.95 上 - 此指令不起作用(当大卫在上面链接的评论中抱怨时,这种情况发生了)
Running chrome with --allow-file-access-from-files did not work for me (as Maistora's claims above)
使用 --allow-file-access-from-files 运行 chrome 对我不起作用(如 Maistora 的上述声明)
回答by saurabh
Adding a bit to use Gokhan's solution for using:
添加一点以使用 Gokhan 的解决方案:
--allow-file-access-from-files
Now you just need to append above text in Target text followed by a space. make sure you close all the instances of chrome browser after adding above property. Now restart chrome by the icon where you added this property. It should work for all.
现在,您只需要在 Target 文本中附加上面的文本,后跟一个空格。添加上述属性后,请确保关闭所有 chrome 浏览器实例。现在通过添加此属性的图标重新启动 chrome。它应该适用于所有人。
回答by Louis Loudog Trottier
I was looking for an solution to make an XHR request to a server from a local html file and found a solution using Chrome and PHP. (no Jquery)
我正在寻找一种解决方案来从本地 html 文件向服务器发出 XHR 请求,并找到了使用 Chrome 和 PHP 的解决方案。(没有Jquery)
Javascripts:
Javascript:
var x = new XMLHttpRequest();
if(x) x.onreadystatechange=function(){
if (x.readyState === 4 && x.status===200){
console.log(x.responseText); //Success
}else{
console.log(x); //Failed
}
};
x.open(GET, 'http://example.com/', true);
x.withCredentials = true;
x.send();
My Chrome's request header Origin: null
我的 Chrome 的请求标头 Origin: null
My PHP response header (Note that 'null' is a string). HTTP_REFERER allow cross-origin from a remote server to another.
我的 PHP 响应标头(请注意,'null' 是一个字符串)。HTTP_REFERER 允许从远程服务器到另一个服务器的跨域。
header('Access-Control-Allow-Origin: '.(trim($_SERVER['HTTP_REFERER'],'/')?:'null'),true);
header('Access-Control-Allow-Credentials:true',true);
I was able to successfully connect to my server.
You can disregards the Credentials headers, but this works for me with Apache's AuthType Basicenabled
我能够成功连接到我的服务器。您可以忽略 Credentials 标头,但这对AuthType Basic启用Apache 的我有用
I tested compatibility with FF and Opera, It works in many cases such as:
我测试了与 FF 和 Opera 的兼容性,它适用于许多情况,例如:
From a VM LAN IP (192.168.0.x) back to the VM'S WAN (public) IP:port
From a VM LAN IP back to a remote server domain name.
From a local .HTML file to the VM LAN IP and/or VM WAN IP:port,
From a local .HTML file to a remote server domain name.
And so on.
从 VM LAN IP (192.168.0.x) 返回到 VM 的 WAN(公共)IP:port
从 VM LAN IP 返回到远程服务器域名。
从本地 .HTML 文件到 VM LAN IP 和/或 VM WAN IP:port,
从本地 .HTML 文件到远程服务器域名。
等等。
回答by Rich
You can load a local Javascript file (in the tree below your file:/source page) using the source tag:
您可以file:/使用 source 标签加载本地 Javascript 文件(在源页面下方的树中):
<script src="my_data.js"></script>
If you encode your input into Javascript, like in this case:
如果您将输入编码为 Javascript,例如在这种情况下:
mydata.js:
我的数据.js:
$xsl_text = "<xsl:stylesheet version="1.0" + ....
(this is easier for json) then you have your 'data' in a Javascript global variable to use as you wish.
(这对 json 来说更容易)然后你在 Javascript 全局变量中有你的“数据”,你可以随意使用。
