Access-Control-Allow-Origin 无法正常工作

发布于 2024-11-05 20:37:13 字数 538 浏览 5 评论 0原文

我正在发出跨域 POST 请求。我向 Web 服务器添加了 Access-Control-* 标头,但 Google Chrome javascript 控制台引发:

XMLHttpRequest cannot load http://api.sharee.dev:3000/assets.json. Origin http://sharee.dev:4000 is not allowed by Access-Control-Allow-Origin.
POST http://api.sharee.dev:3000/assets.json undefined (undefined)

以下是请求期间传输的所有数据包: http://pastie.org/1882455

如您所见,它仍然在 OPTIONS 请求之后发送 POST 请求。它在 Firefox 中也不起作用。 Firefox 显示 POST 请求已发送到服务器,响应代码为 200,但响应本身为空。

I'm making a cross domain POST request. I added Access-Control-* headers to the web server, but Google Chrome javascript console raises:

XMLHttpRequest cannot load http://api.sharee.dev:3000/assets.json. Origin http://sharee.dev:4000 is not allowed by Access-Control-Allow-Origin.
POST http://api.sharee.dev:3000/assets.json undefined (undefined)

Here are all the packets that are transferred during the request: http://pastie.org/1882455

As you can see it stills sends the POST request after OPTIONS request. It doesn't work in Firefox either. Firefox shows that POST request was sent to the server and the response code was 200, but the response itself is empty.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(4

勿忘初心 2024-11-12 20:37:13

Access-Control-Allow-Origin 和 Access-Control-Allow-Credentials 标头应该是任何 CORS 响应的一部分(包括预检 OPTIONS 请求和 POST 请求)。您当前的示例仅在 OPTIONS 响应中显示它们。

The Access-Control-Allow-Origin and Access-Control-Allow-Credentials headers should be a part of any CORS response (including the preflight OPTIONS request and the POST request). Your current example shows them only on the OPTIONS response.

靑春怀旧 2024-11-12 20:37:13

您可以在超级用户中查看以下帖子的答案。不久前我碰巧在 chromium-dev google groups 上发布了这个问题。

https://superuser.com/questions/ 384871/如何在 google-chrome 中覆盖访问控制允许来源限制

you can check the answer for the following post in superuser. I had happened to post the problem on chromium-dev google groups a while back.

https://superuser.com/questions/384871/how-to-override-access-control-allow-origin-restriction-in-google-chrome

绮筵 2024-11-12 20:37:13

我自己努力解决完全相同的问题,但通过我的服务器访问,最终代理了所有此类调用以使其运行。但这在分配上并不理想。您是否尝试过将请求的标头和/或值与响应的标头和/或值进行匹配?另外,根据我的研究,浏览器版本可以播放。请给出您现在正在调试的确切版本。

Grappling with exactly the same myself but with my server access, finally proxied all such calls to get it running. But this will not be ideal in distribution. Have you tried matching up headers and/or values requested vs. those responded? Also, in my research, browser version can play. Please give the exact versions you are debugging now.

趁微风不噪 2024-11-12 20:37:13

我认为您还需要将访问控制标头放在 POST 响应上?

I think you need to put the Access-Control headers on the POST response as well?

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文