php “Access-Control-Allow-Origin”标头的值不等于提供的原点
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/38043194/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
The 'Access-Control-Allow-Origin' header has a value that is not equal to the supplied origin
提问by Matt E.
I am trying to login with ajax to an API and I get this error:
我正在尝试使用 ajax 登录到 API,但出现此错误:
XMLHttpRequest cannot load. The 'Access-Control-Allow-Origin' header has a value that is not equal to the supplied origin. Origin 'http://localhost' is therefore not allowed access.
XMLHttpRequest 无法加载。'Access-Control-Allow-Origin' 标头的值不等于提供的来源。因此,不允许访问Origin ' http://localhost'。
I read all about this error, all over the internet, and I've tried all the solutions I could find online. I modified the .htaccess and apache httpd configuration file according to the CORS instructions here: http://enable-cors.org/server_apache.html
我在互联网上阅读了有关此错误的所有信息,并且尝试了所有可以在网上找到的解决方案。我根据此处的 CORS 说明修改了 .htaccess 和 apache httpd 配置文件:http: //enable-cors.org/server_apache.html
Access-Control-Allow-Origin: *
Nothing seems to be working. I'd really appreciate if you guys can help me out with this. Thank you!
似乎没有任何工作。如果你们能帮我解决这个问题,我真的很感激。谢谢!
回答by Dzung Cao
You have to set Access-Control-Allow-Origin headerto * or specified value http://localhost
您必须将Access-Control-Allow-Origin 标头设置为 * 或指定值http://localhost
You can do this through:
您可以通过以下方式做到这一点:
1- Your code
1-您的代码
2- .htaccess file
2-.htaccess 文件
3- Server config (restart web server required)
3- 服务器配置(需要重启网络服务器)
Here is the link that show how to do it on apache
这是显示如何在 apache 上执行此操作的链接
http://access-control-allow-origin-guide.com/enable-cors-on-apache-linux/
http://access-control-allow-origin-guide.com/enable-cors-on-apache-linux/
回答by kikihuang99
i use htaccess file for load JSON data in different hosting, and its works but
我使用 htaccess 文件在不同的主机中加载 JSON 数据,但它的工作原理
it have to put inside the public html root of our web hosting for example
例如,它必须放在我们虚拟主机的公共 html 根目录中
uploading .htaccess into --> (https://freehostingsomewhere.com/)
将 .htaccess 上传到 --> ( https://freehostingsomewhere.com/)
then inside .htaccess
然后在.htaccess里面
<FilesMatch "\.(ttf|otf|eot|woff|jpg|png|jpeg|gif|js|json|html|css)$">
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "http://localhost"
</IfModule>
</FilesMatch>
in here i use http://localhostto development and it works,
在这里,我使用http://localhost进行开发并且可以正常工作,
maybe if i have another web host just change it into that url, i will try it later (it can, i already try it) :p
也许如果我有另一个网络主机,只需将其更改为该网址,我稍后会尝试(可以,我已经尝试过):p
this is just for more clear explanation
这只是为了更清楚的解释
cheers :p
干杯:p
回答by jeremykenedy
As added browser security, unless the API allows cross-browser origins in the the return responses header there is no way around this.
作为增加的浏览器安全性,除非 API 允许返回响应标头中的跨浏览器来源,否则无法解决此问题。
The browsers are blocking it, there is a pluginto allow for chrome but it is not realistic to depend on browser plugin to allow end user requests,
浏览器正在阻止它,有一个插件允许使用 chrome,但依赖浏览器插件来允许最终用户请求是不现实的,
Try and reach out to the API provider and see if they can look into updating the header in the response.
尝试联系 API 提供者,看看他们是否可以考虑更新响应中的标头。
It is a CORS issue: https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
这是一个 CORS 问题:https: //developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
回答by fmello
Are your requests using either cookies or authorization by any chance?
您的请求是否有机会使用 cookie 或授权?
Check on your ajax call on the client side if you're configuring it to be done "with credentials"
如果您将其配置为“使用凭据”完成,请检查客户端的 ajax 调用
.withCredentials = true;
If yes, the wildcard(*) will not work and you'll need to provide the exact host as the value for Access-Control-Allow-Origin.
如果是,则通配符(*) 将不起作用,您需要提供确切的主机作为 的值Access-Control-Allow-Origin。
Refer to this stack overflow answeror Mozilla Documentation on CORS
