php codeigniter 上的错误 Access-Control-Allow-Origin 标头
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/31332202/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
error Access-Control-Allow-Origin header on codeigniter
提问by xrurii
i am getting the error of XMLHttpRequest cannot load, No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://abc' is therefore not allowed access.. i am very new in php and codeigniter and so i cannot really understand what is going on. i tried reading other materials here in stackoverflow but it just left me blank. I am sorry if this is a duplicate post to you but I really need help.
我收到 XMLHttpRequest 无法加载的错误,请求的资源上不存在“Access-Control-Allow-Origin”标头。因此,不允许访问Origin ' http://abc.. 我对 php 和 codeigniter 非常陌生,所以我无法真正理解发生了什么。我尝试在 stackoverflow 中阅读其他材料,但它只是让我空白。如果这是一个重复的帖子,我很抱歉,但我真的需要帮助。
here is the ajax call for the view:
这是视图的ajax调用:
$("#btnLoginFB").click(function()
{
$.ajax({
type: "POST",
url: '<?php echo base_url();?>Main/login',
data: {domain:'FB'},
dataType: "text",
cache:false,
success:
function(output_string){
alert(output_string);
}
});
return false;
});
and here is the functions in the controller
这是控制器中的功能
public function login()
{
$domain = $this->input->post('domain');
$get_domain = $this->input->get('domain');
$get_token = $this->input->get('token');
if ((!empty($get_domain)) && (!empty($get_token)))
{
$this->getmasterid();
}
else
{
$this->getticket($domain);
}
}
public function getsomething($domain)
{
if (isset($domain))
{
switch ($domain)
{
case 'PP':
$this->session->set_userdata('servcode','pp.login');
$this->session->set_userdata('servsiggy','adgjanlnadgakjdbakg');
$this->session->set_userdata('domain','pp');
break;
case 'FB':
$this->session->set_userdata('servcode','fb.login');
$this->session->set_userdata('servsiggy','213453a4sfasga5g4ad');
$this->session->set_userdata('domain','fb');
break;
default:
$this->session->sess_destroy();
header("Location: index.php");
break;
}
$this->session->set_userdata('clientpaddr', $this->input->server('REMOTE_ADDR'));
$this->session->set_userdata('partcode', 'abc');
$this->session->set_userdata('command', 'initialize-something');
$this->session->set_userdata('layout', 'deflt');
$this->session->set_userdata('title', 'pp login');
$this->session->set_userdata('captcha', 'false');
$this->session->set_userdata('keys', 'false');
$this->session->set_userdata('returnurl', 'https://mywebsite.game.com/login.php');
$this->session->set_userdata('cancelurl', 'https://mywebsite.game.com/cancel.php');
$this->session->set_userdata('sendurl', 'http://192.168.0.1/authenticate/green/api.ashx');
}
else
{
$this->session->sess_destroy();
header("Location: index.php");
}
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $this->session->userdata('sendurl'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, true);
$data = array(
'part_code' => $this->session->userdata('partcode'),
'serv_code' => $this->session->userdata('servcode'),
'serv_siggy' => $this->session->userdata('servsiggy'),
'command' => $this->session->userdata('command'),
'ip' => $this->session->userdata('clientpaddr'),
'domain' => $this->session->userdata('domain'),
'layout' => $this->session->userdata('layout'),
'required_captcha' => $this->session->userdata('captcha'),
'required_keys' => $this->session->userdata('keys'),
'return_url' => $this->session->userdata('returnurl'),
'cancel_url' => $this->session->userdata('cancelurl')
);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
$output = curl_exec($ch);
curl_close($ch);
$output = explode("&", $output);
$redirect_url= urldecode($output[4]);
$str_len_cut = strlen("redirect_url=");
$result_url = substr($redirect_url,$str_len_cut);
header('Location: '.$result_url);
}
回答by spenibus
In the controller, set Access-Control-Allow-Originat the top of your php script to the expected value of the origin header, the domain your ajax calls from:
在控制器中,将php 脚本顶部的Access-Control-Allow-Origin设置为 origin 标头的预期值,即您的 ajax 调用的域:
header('Access-Control-Allow-Origin: abc');
Or if you never use credentials and don't care where the request comes from, just use a wildcard:
或者,如果您从不使用凭据并且不关心请求来自何处,只需使用通配符:
header('Access-Control-Allow-Origin: *');
update 2015-07-13 12:34 +0000
更新 2015-07-13 12:34 +0000
Disclaimer
I think I failed to properly consider that this was done under codeigniter and it now seems to me this answer is pretty poor.
免责声明
我想我没有正确考虑这是在 codeigniter 下完成的,现在在我看来这个答案很差。
回答by Anup
I was also facing same problem. please keep in mind you have to put
我也面临同样的问题。请记住你必须把
header('Access-Control-Allow-Origin: *');
in other side.
在另一边。
For example, you are requesting ajax from
例如,您正在请求来自
http://example.net
to http://example2.net/loginso you have to put above code at http://example2.net/loginfiles.
对http://example2.net/login,所以你必须把上面的代码的http://example2.net/login文件。
回答by Jonathan
In codeigniter the way to do this is using the output class. So you would put this in your controller wherever you need this.
在 codeigniter 中,这样做的方法是使用输出类。所以你可以把它放在你的控制器中,只要你需要它。
$this->output
->set_header('Access-Control-Allow-Origin: some-origin')
->set_header('Access-Control-Allow-Methods: GET, OPTIONS')
As a side note: it is generally bad practise to set your Access-Control-Allow-Origin:to *unless you really want to allow request from any domain. Otherwise it would be more secure to only allow requests from the domain(s) you are running your app on. More on this matter here.
附带说明:除非您真的想允许来自任何域的请求Access-Control-Allow-Origin:,*否则将您设置为通常是不好的做法。否则,只允许来自您正在运行应用程序的域的请求会更安全。更多关于这个问题在这里。
