Access-Control-Allow-Origin错误
[英]Access-Control-Allow-Origin error
问题描述
I'm using the following script - 
我正在使用以下脚本 -
<!DOCTYPE html>
<html>
<head>
<script src="jquery-1.9.1.min.js"></script>
<script>
function postForm() {
$.ajax({
type: 'POST',
url: 'http://10.0.0.8:9000/demo',
data: {"name" : "test"},
contentType: "application/json; charset=utf-8",
dataType: 'json',
})
}
</script>
</head>
<body>
<form id="ajaxForm" onsubmit="postForm(); return false; " method="post">
<input id="test" type="text" name="name" value="Hello JSON" />
<input type="submit" value="Submit JSON" />
</form>
</body>
</html>
The computer i'm trying to access is running the play framework. 我正在尝试访问的计算机正在运行播放框架。 I am receiving the following error: 我收到以下错误:
OPTIONS http://10.0.0.8:9000/demo 404 (Not Found) jquery-1.9.1.min.js:5 XMLHttpRequest cannot load http://10.0.0.8:9000/demo . 选项http://10.0.0.8:9000/demo 404(未找到)jquery-1.9.1.min.js:5 XMLHttpRequest无法加载http://10.0.0.8:9000/demo 。 Origin http://localhost:8080 is not allowed by Access-Control-Allow-Origin. Access-Control-Allow-Origin不允许使用http://localhost:8080 。
I've been stumped now for two days, can anyone help me out? 我已经被困了两天了,有人可以帮帮我吗?
Thanks ahead 谢谢你
1 个解决方案
解决方案1
19 已采纳 2013-03-14 14:38:05
The problem is that you're trying to make a cross-origin call (from http://localhost:8080 to http://localhost:9000 ). 问题是你正在尝试进行跨源调用(从http://localhost:8080到http://localhost:9000 )。 That's not allowed by the Same Origin Policy , so the browser is trying to use Cross-Origin Resource Sharing to ask the server if it's okay to allow the cross-origin call. 同源策略不允许这样做,因此浏览器尝试使用跨源资源共享来询问服务器是否可以允许跨源调用。 (That's the OPTIONS HTTP request you're seeing.) Since the server doesn't reply to the OPTIONS request with headers allowing the call, it's denied by the browser for security reasons. (这是您正在看到的OPTIONS HTTP请求。)由于服务器没有回复带有允许调用的标头的OPTIONS请求,因此出于安全原因,浏览器会拒绝该请求。
The SOP applies to all true "ajax" calls (eg, ones via XMLHttpRequest ). SOP适用于所有真正的“ajax”调用(例如,通过XMLHttpRequest调用)。 You can either: 你可以:
Update the server to implement the response to the
OPTIONSrequest passing back the headers to allow the call (which will make it work on most modern browsers ), or更新服务器以实现对OPTIONS请求的响应,传回标头以允许调用(这将使其适用于大多数现代浏览器 ),或者Make the request to the same port (I'm guessing there's a reason you're not doing that), so the request is to the same origin and the SOP doesn't apply, or
请求到同一个端口(我猜你有没有这样做的原因),所以请求是相同的来源,SOP不适用,或者 Switch over to using
JSON-P.切换到使用JSON-P。 ButJSON-Pis inappropriate for form submissions because it's aGET, andGEToperations are meant to be idempotent , which most form submissions aren't.但JSON-P不适合表单提交,因为它是一个GET,而GET操作意味着是幂等的 ,大多数形式的提交都不是。 So unless this happens to be an idempotent form submission (for instance, a search), using JSON-P would be a hack at best.因此,除非这恰好是幂等表单提交(例如,搜索),否则使用JSON-P将是最好的黑客攻击。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.