Javascript 预检响应中的 Access-Control-Allow-Headers 不允许请求标头字段 Access-Control-Allow-Headers
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/35232130/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Request header field Access-Control-Allow-Headers is not allowed by Access-Control-Allow-Headers in preflight response
提问by Anahoua16
I am trying to make a login page from cross domain but I couldn't solve the problem, the error is:
我正在尝试从跨域创建登录页面,但无法解决问题,错误是:
XMLHttpRequest cannot load http://localhost/testing/resp.php. Request header field Access-Control-Allow-Headers is not allowed by Access-Control-Allow-Headers in preflight response.
XMLHttpRequest 无法加载http://localhost/testing/resp.php。预检响应中的 Access-Control-Allow-Headers 不允许请求标头字段 Access-Control-Allow-Headers。
My Javascript code is:
我的 Javascript 代码是:
$('#login').click(function(){
var username = $('#uname').val();
var password = $('#pass').val();
var result = $('.result');
result.text('loading....');
if (username != '' && password !=''){
var urltopass = 'action=login&username='+username+'&password='+password;
$.ajax({
type: 'POST',
data: urltopass,
headers: {"Access-Control-Allow-Headers": "Content-Type"},
url: 'http://localhost/testing/resp.php',
crossDomain: true,
cache: false,
success: function(responseText){
console.log(responseText);
if(responseText== "0"){
result.text('incorrect login information');
} else if (responseText == "1"){
window.location="http://localhost/testing/home.php";
} else{
alert('error in sql query \n' + responseText);
}
}
});
} else return false;
});The PHP code for http://localhost/testing/resp.php:
http://localhost/testing/resp.php的 PHP 代码:
<?php
include "db.php"; //Connecting to database
if (!isset($_SERVER['HTTP_ORIGIN'])) {
echo "This is not cross-domain request";
exit;
}
header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Credentials: true");
header("Access-Control-Allow-Methods: POST, GET, OPTIONS");
header("Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With");
header('P3P: CP="CAO PSA OUR"'); // Makes IE to support cookies
header("Content-Type: application/json; charset=utf-8");
if (isset($_POST['action']) && $_POST['action'] == 'login'){
$uname = $_POST['username'];
$pass = $_POST['password'];
$sql = "SELECT * FROM loginajax WHERE username='$uname' AND password='$pass'";
$rs=$conn->query($sql);
if (mysqli_num_rows($rs) <= 0){
echo "0";
} else {
echo "1";
}
} else echo "this is not Login";
?>回答by Patrick Evans
remove this:
删除这个:
headers: {"Access-Control-Allow-Headers": "Content-Type"},
from your jQuery.ajax call.
来自您的 jQuery.ajax 调用。
The server responds with a Access-Control-Allow-Headersheader, the client doesn't send it to the server.
服务器以Access-Control-Allow-Headers标头响应,客户端不会将其发送到服务器。
The client sends a Access-Control-Request-Headersto request allowing certain headers, the server responds back with with a Access-Control-Allow-Headersthat lists the actual headers its going to allow. The client does not get to demand what headers are allowed.
客户端发送一个Access-Control-Request-Headersto 请求允许某些标头,服务器用一个Access-Control-Allow-Headers列出它允许的实际标头来响应。客户端不会要求允许使用哪些标头。
