什么可能导致跨域策略不起作用?
我试图与另一个域上的网站进行通信。我正在使用 javascript(xhr) 进行通信。我创建了一个 crossdomain.xml,可以从所有域进行开放访问,并将其添加到我想要通信的域的根目录中。我什至可以通过将文件的链接粘贴到地址栏中来访问该文件。但我在 chrome 控制台上仍然遇到同样的错误
Access-Control-Allow-Origin 不允许来源 xxxxxxxx.com。
可能是什么原因。有什么我忽略的吗?
I was trying to communicate with a site on another domain. I'm using javascript(xhr) to communicate. I have created a crossdomain.xml with open access from all domains and added it to the root of the domain I want to communicate to. I can even access the file by pasting it's link in the address bar. But I still get the same error on chrome console
Origin xxxxxxxx.com is not allowed by Access-Control-Allow-Origin.
what could possible be the reason. Is there anything I'm overlooking?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
crossdomain.xml 是 Flash 的东西,但您的错误消息似乎与 CORS 有关。
您需要配置您的服务器以按照规范<发送合适的 HTTP 响应标头(并处理预检选项请求) /a>
crossdomain.xml is a Flash thing, but your error message appears to be related to CORS.
You need to configure your server to send suitable HTTP response headers (and handle preflight OPTIONS requests) as per the specification
“从所有域开放访问并将其添加到我想要通信的域的根目录”是什么意思?
xhrs 无法访问其他域,除非您使用 CORS。
您可以在浏览器中访问该文件,因为当您在地址栏中键入 URL 时,它不使用 xhr。
what do you mean "with open access from all domains and added it to the root of the domain I want to communicate to"?
xhrs cannot hit other domains unless you use CORS.
You can access the file in the browser because it's not using an xhr when you type the URL in the address bar.
使用 CORS 意味着服务器的所有响应都返回
“Access-Control-Allow-Origin” :" 来源列表或空 | “*”
例如
“Access-Control-Allow-Origin:*”Using CORS means having all responses from the server return
"Access-Control-Allow-Origin" ":" origin-list-or-null | "*"
for example
"Access-Control-Allow-Origin:*"