jQuery 缺少 CORS 标头“Access-Control-Allow-Origin”
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/31276220/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
CORS header 'Access-Control-Allow-Origin' missing
提问by immayankmodi
I'm calling this function from my asp.net form and getting following error on firebug console while calling ajax.
我正在从我的 asp.net 表单调用此函数,并在调用 ajax 时在 firebug 控制台上出现以下错误。
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://anotherdomain/test.json. (Reason: CORS header 'Access-Control-Allow-Origin' missing).
跨域请求被阻止:同源策略不允许读取http://anotherdomain/test.json 上的远程资源。(原因:缺少 CORS 标头“Access-Control-Allow-Origin”)。
var url= 'http://anotherdomain/test.json';
$.ajax({
url: url,
crossOrigin: true,
type: 'GET',
xhrFields: { withCredentials: true },
accept: 'application/json'
}).done(function (data) {
alert(data);
}).fail(function (xhr, textStatus, error) {
var title, message;
switch (xhr.status) {
case 403:
title = xhr.responseJSON.errorSummary;
message = 'Please login to your server before running the test.';
break;
default:
title = 'Invalid URL or Cross-Origin Request Blocked';
message = 'You must explictly add this site (' + window.location.origin + ') to the list of allowed websites in your server.';
break;
}
});
I've done alternate way but still unable to find the solution.
我已经完成了替代方法,但仍然无法找到解决方案。
Note: I've no server rights to make server side(API/URL) changes.
注意:我没有进行服务器端(API/URL)更改的服务器权限。
回答by 538ROMEO
This happens generally when you try access another domain's resources.
当您尝试访问另一个域的资源时,通常会发生这种情况。
This is a security feature for avoiding everyone freely accessing any resources of that domain (which can be accessed for example to have an exact same copy of your website on a pirate domain).
这是一项安全功能,可避免每个人自由访问该域的任何资源(例如,可以访问该域的任何资源以在盗版域上拥有完全相同的网站副本)。
The header of the response, even if it's 200OK do not allow other origins (domains, port) to access the ressources.
响应的标头,即使是 200OK 也不允许其他来源(域、端口)访问资源。
You can fix this problem if you are the owner of both domains:
如果您是两个域的所有者,则可以解决此问题:
Solution 1: via .htaccess
解决方案 1:通过 .htaccess
To change that, you can write this in the .htaccess of the requested domainfile:
要更改它,您可以在请求的域文件的 .htaccess 中写入:
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "*"
</IfModule>
If you only want to give access to one domain, the .htaccess should look like this:
如果您只想授予对一个域的访问权限,.htaccess 应如下所示:
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin 'https://my-domain.tdl'
</IfModule>
Solution 2: set headers the correct way
解决方案 2:以正确的方式设置标题
If you set this into the response header of the requested file, you will allow everyone to access the ressources:
如果您将其设置为请求文件的响应头,您将允许每个人访问资源:
Access-Control-Allow-Origin : *
OR
或者
Access-Control-Allow-Origin : http://www.my-domain.com
Peace and code ;)
和平与代码 ;)
回答by Pegasus Cozza
in your ajax request, adding:
在您的 ajax 请求中,添加:
dataType: "jsonp",
after line :
行后:
type: 'GET',
should solve this problem ..
应该解决这个问题..
hope this help you
希望这对你有帮助
回答by Ritesh Kumar
You have to modify your server side code, as given below
您必须修改服务器端代码,如下所示
public class CorsResponseFilter implements ContainerResponseFilter {
@Override
public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext)
throws IOException {
responseContext.getHeaders().add("Access-Control-Allow-Origin","*");
responseContext.getHeaders().add("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT");
}
}
回答by Ghanshyam Nakiya
Server side put this on top of .php:
服务器端将其放在 .php 之上:
header('Access-Control-Allow-Origin: *');
You can set specific domain restriction access:
您可以设置特定域限制访问:
header('Access-Control-Allow-Origin: https://www.example.com')
回答by Raghvendra Singh
You must have got the idea why you are getting this problem after going through above answers.
在完成上述答案后,您一定知道为什么会遇到此问题。
self.send_header('Access-Control-Allow-Origin', '*')
You just have to add the above line in your server side.
你只需要在你的服务器端添加上面的行。
