CORS 不工作 php
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/18382740/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
CORS not working php
提问by Ganesh Babu
I am trying to post form data from www.siteone.com to www.sitetwo.com via CORS. My ajax code is this:
我正在尝试通过 CORS 将表单数据从 www.siteone.com 发布到 www.sitetwo.com。我的ajax代码是这样的:
<script>
$(document).ready(function(){
$("#submit").live('click',function() {
var url = "http://www.sitetwo.com/cors.php";
var data = $('#form').serialize();
jQuery.ajax({
url : url,
type: "POST",
data : $('#form').serialize(),
}).done(function(response){
alert(response);
}).fail(function(error){
console.log(error.statusText);
});
return false;
});
});
</script>
and the file cors.php in www.sitetwo.comis as follows:
而cors.php中的文件www.sitetwo.com如下:
<?php
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: POST, GET, OPTIONS');
echo "hai";
?>
But still Access-control-Allow-Origin error is thrown. The error thrown is this:
但仍然抛出 Access-control-Allow-Origin 错误。抛出的错误是这样的:
XMLHttpRequest cannot load http://www.sitetwo.com/cors.php. Origin http://www.siteone.com is not allowed by Access-Control-Allow-Origin.
I came to know that, using CORS by just allowing the remote website via headers, we can use cross-domain request. But when I tried like this, error is thrown. Have I missed anything in here? Here is my request/response headers:
我开始知道,通过仅通过标头允许远程网站使用 CORS,我们可以使用跨域请求。但是当我这样尝试时,会抛出错误。我在这里错过了什么吗?这是我的请求/响应标头:
Response Headers
Connection Keep-Alive
Content-Length 487
Content-Type text/html; charset=iso-8859-1
Date Fri, 23 Aug 2013 05:53:20 GMT
Keep-Alive timeout=15, max=99
Server Apache/2.2.15 (CentOS)
WWW-Authenticate Basic realm="Site two Server - Restricted Area"
Request Headers
Accept */*
Accept-Encoding gzip, deflate
Accept-Language en-US,en;q=0.5
Content-Length 43
Content-Type application/x-www-form-urlencoded; charset=UTF-8
Host www.sitetwo.com
Origin http://www.siteone.com
Referer http://www.siteone.com/index.html
User-Agent Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:23.0) Gecko/20100101 Firefox/23.0
回答by Ganesh Babu
Finally, I myself have solved the problem explained in the question. The code that I have implemented for accessing header is incorrect.
最后,我自己解决了问题中解释的问题。我为访问标头而实现的代码不正确。
The below mentioned two line code, when given, didn't work:
下面提到的两行代码在给出时不起作用:
<?php
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: POST, GET, OPTIONS');
?>
But handling CORS requests properly is a tad more involved. Here is a function that will respond more fully. The updated code is this :
但是正确处理 CORS 请求会涉及更多。这是一个响应更充分的功能。更新后的代码是这样的:
<?php
// Allow from any origin
if (isset($_SERVER['HTTP_ORIGIN'])) {
header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
header('Access-Control-Allow-Credentials: true');
header('Access-Control-Max-Age: 86400'); // cache for 1 day
}
// Access-Control headers are received during OPTIONS requests
if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))
header("Access-Control-Allow-Methods: GET, POST, OPTIONS");
if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']))
header("Access-Control-Allow-Headers: {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");
exit(0);
}
echo "You have CORS!";
?>
I have found from another postIt worked....
我从另一篇文章中发现 它有效....
回答by Curtis
Another reason is if you're missing a semicolon or something anywhere in your php, that CORS error message will be the only error that is displayed by the ajax, even if error reporting is on, while you can see the actual error by going to the php url in your browser.
另一个原因是,如果您在 php 中缺少分号或其他内容,则 CORS 错误消息将是 ajax 显示的唯一错误,即使错误报告已打开,而您可以通过转到查看实际错误浏览器中的 php 网址。
回答by user4173455
To allow CORS for all:
允许所有人使用 CORS:
<?php
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept');
echo "You have CORS!";
