Access-Control-Allow-Origin 无法正常工作
我正在发出跨域 POST 请求。我向 Web 服务器添加了 Access-Control-* 标头,但 Google Chrome javascript 控制台引发:
XMLHttpRequest cannot load http://api.sharee.dev:3000/assets.json. Origin http://sharee.dev:4000 is not allowed by Access-Control-Allow-Origin.
POST http://api.sharee.dev:3000/assets.json undefined (undefined)
以下是请求期间传输的所有数据包: http://pastie.org/1882455
如您所见,它仍然在 OPTIONS 请求之后发送 POST 请求。它在 Firefox 中也不起作用。 Firefox 显示 POST 请求已发送到服务器,响应代码为 200,但响应本身为空。
I'm making a cross domain POST request. I added Access-Control-* headers to the web server, but Google Chrome javascript console raises:
XMLHttpRequest cannot load http://api.sharee.dev:3000/assets.json. Origin http://sharee.dev:4000 is not allowed by Access-Control-Allow-Origin.
POST http://api.sharee.dev:3000/assets.json undefined (undefined)
Here are all the packets that are transferred during the request: http://pastie.org/1882455
As you can see it stills sends the POST request after OPTIONS request. It doesn't work in Firefox either. Firefox shows that POST request was sent to the server and the response code was 200, but the response itself is empty.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
Access-Control-Allow-Origin 和 Access-Control-Allow-Credentials 标头应该是任何 CORS 响应的一部分(包括预检 OPTIONS 请求和 POST 请求)。您当前的示例仅在 OPTIONS 响应中显示它们。
The Access-Control-Allow-Origin and Access-Control-Allow-Credentials headers should be a part of any CORS response (including the preflight OPTIONS request and the POST request). Your current example shows them only on the OPTIONS response.
您可以在超级用户中查看以下帖子的答案。不久前我碰巧在 chromium-dev google groups 上发布了这个问题。
https://superuser.com/questions/ 384871/如何在 google-chrome 中覆盖访问控制允许来源限制
you can check the answer for the following post in superuser. I had happened to post the problem on chromium-dev google groups a while back.
https://superuser.com/questions/384871/how-to-override-access-control-allow-origin-restriction-in-google-chrome
我自己努力解决完全相同的问题,但通过我的服务器访问,最终代理了所有此类调用以使其运行。但这在分配上并不理想。您是否尝试过将请求的标头和/或值与响应的标头和/或值进行匹配?另外,根据我的研究,浏览器版本可以播放。请给出您现在正在调试的确切版本。
Grappling with exactly the same myself but with my server access, finally proxied all such calls to get it running. But this will not be ideal in distribution. Have you tried matching up headers and/or values requested vs. those responded? Also, in my research, browser version can play. Please give the exact versions you are debugging now.
我认为您还需要将访问控制标头放在 POST 响应上?
I think you need to put the Access-Control headers on the POST response as well?