即使在设置访问控制 - 允许原孔或其他访问控制之后,也可以在客户端端口错误
我有一个使用 webpack-simple 选项生成的VUE应用程序。我正在尝试使获取请求 https://api.forismatic.com/api/1.0/?method=getQuote&Amp; format = jjson& amp; amp;lang = en 但是我得到错误:
xmlhttprequest无法加载
https://api.forismatic.com/api/1.0/?method=getQuote& format=json&lang=en。 对飞行前请求的响应不会传递访问控制检查:否 请求的“访问控制”标头 资源。因此,不允许原点'http://127.0.0.1:8080' 访问。
我正在使用vue-resource,并补充说:
Vue.http.headers.common['Access-Control-Allow-Origin'] = '*'
这没有效果。
我还在 devserver 选项中添加了此问题,在 webpack.config.js 中:
devServer: {
historyApiFallback: true,
noInfo: true,
headers: {
"Access-Control-Allow-Origin": "*"
}
}
这也不解决问题。错误消息保持不变。
如何解决这个问题?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
access-control-allow-origin是响应服务器必须发送的响应标题。所有其他
访问控制 - *标题是服务器发送的响应标头。如果您不控制服务器,则您的请求已发送到,而响应的问题仅仅是缺乏
access-control-wall-allow-Originheader或其他access-control-允许 - *标题,您仍然可以通过CORS代理提出请求来使事情有效。您可以使用。
您还可以在短短2-3分钟内轻松地将自己的代理部署到Heroku,并带有5个命令:
运行这些命令后,您最终将自己的cors cors ernhiry Anywhere Server运行,例如,
https:// cryptic -headland-94862.Herokuapp.com/。现在,将请求URL的前缀带有代理的URL:
添加代理URL作为前缀会导致请求通过您的代理制作,其中:
https://example.com 。https://example.com接收响应。访问 - 控制 - 遵守原始标题添加到响应中。然后,浏览器允许前端代码访问响应,因为使用
access-control-allow-Origin响应标头的响应是浏览器所看到的。即使该请求是触发浏览器执行CORS Preflight
Options请求的请求,因为在这种情况下,代理人还发送回access-controll-alla-alleaders和访问控制 - 允许使用方法使前世成功所需的标题。而且,如果您具有添加
access-control-allow-origin标题或其他access-control-allow-*标题的前端代码,请删除该代码 - &nbsp ;;因为添加这些请求标头的唯一效果是,您正在触发浏览器发送 cors preflightoptions请求而不是实际get或post在您的代码中。Access-Control-Allow-Originis a response header the responding server must send.And all other
Access-Control-Allow-*headers are response headers for servers to send.If you don’t control the server your request is sent to, and the problem with the response is just the lack of the
Access-Control-Allow-Originheader or otherAccess-Control-Allow-*headers you can still get things to work—by making the request through a CORS proxy.You can easily run your own proxy using code from https://github.com/Rob--W/cors-anywhere/.
You can also easily deploy your own proxy to Heroku in just 2-3 minutes, with 5 commands:
After running those commands, you’ll end up with your own CORS Anywhere server running at, e.g.,
https://cryptic-headland-94862.herokuapp.com/.Now, prefix your request URL with the URL for your proxy:
Adding the proxy URL as a prefix causes the request to get made through your proxy, which:
https://example.com.https://example.com.Access-Control-Allow-Originheader to the response.The browser then allows the frontend code to access the response, because that response with the
Access-Control-Allow-Originresponse header is what the browser sees.This works even if the request is one that triggers browsers to do a CORS preflight
OPTIONSrequest, because in that case, the proxy also sends back theAccess-Control-Allow-HeadersandAccess-Control-Allow-Methodsheaders needed to make the preflight successful.And if you have frontend code that adds the
Access-Control-Allow-Originheader or otherAccess-Control-Allow-*headers to the request, remove that code — because the only effect you have by adding those request headers is, you’re triggering your browser to send a CORS preflightOPTIONSrequest rather than the actualGETorPOSTrequest in your code.好的,此答案与问题并不相关,但是对于那些无法触摸API服务器端,免费使用代理 Rob - W/w 的服务
Ok, this answer is not really related to the question but it can be useful for those, who can't touch API server side, use free to use proxy service from Rob--W
对于在本地系统上运行Web应用程序,您可以通过添加-Disable-Web-Security标志来禁用Chrome安全功能。
我在Windows上使用以下命令来解决XMLHTTPerror:
For running the web app on your local system, you can disable the Chrome security feature by adding --disable-web-security flag.
I used the following commands on Windows to resolve XMLHttpError: