ajax 跨域请求被阻止:同源策略不允许在以下位置读取远程资源
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/24182259/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at
提问by Hamed Momeni
I'm using CometChatin my website and recently my users art having this problem with receiving messages. After inspection in FireBug i realized it must be because of the CORS protection (due to the following error) that the script is failing.
我CometChat在我的网站上使用,最近我的用户在接收消息时遇到了这个问题。在 FireBug 中检查后,我意识到脚本失败一定是因为 CORS 保护(由于以下错误)。
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://x3.chatforyoursite.com/subscribe/... This can be fixed by moving the resource to the same domain or enabling CORS.
跨域请求被阻止:同源策略不允许在http://x3.chatforyoursite.com/subscribe/读取远程资源 ......这可以通过将资源移动到同一域或启用 CORS 来解决。
Now I'm wondering where should I enable CORS because it is enabled on my own server and I have no access to the CometChatserver.
现在我想知道我应该在哪里启用 CORS,因为它是在我自己的服务器上启用的,而我无法访问该CometChat服务器。
回答by SilverlightFox
The server at x3.chatforyoursite.comneeds to output the following header:
服务器 atx3.chatforyoursite.com需要输出以下标头:
Access-Control-Allow-Origin: http://www.example.com
Access-Control-Allow-Origin: http://www.example.com
Where http://www.example.comis your website address. You should check your settings on chatforyoursite.comto see if you can enable this - if not their technical support would probably be the best way to resolve this. However to answer your question, you need the remote site to allow your site to access AJAX responses client side.
http://www.example.com你的网址在哪里。您应该检查您的设置chatforyoursite.com以查看是否可以启用此功能 - 如果不能,他们的技术支持可能是解决此问题的最佳方法。但是,要回答您的问题,您需要远程站点以允许您的站点访问 AJAX 响应客户端。
回答by user2903536
The use-case for CORS is simple. Imagine the site alice.com has some data that the site bob.com wants to access. This type of request traditionally wouldn't be allowed under the browser's same origin policy. However, by supporting CORS requests, alice.com can add a few special response headers that allows bob.com to access the data. In order to understand it well, please visit this nice tutorial.. How to solve the issue of CORS
CORS 的用例很简单。假设站点 alice.com 有一些站点 bob.com 想要访问的数据。在浏览器的同源策略下,这种类型的请求传统上是不允许的。但是,通过支持 CORS 请求,alice.com 可以添加一些允许 bob.com 访问数据的特殊响应标头。为了更好地理解它,请访问这个不错的教程.. 如何解决 CORS 的问题
