[英]Access-Control-Allow-Origin error
I'm using the following script - 我正在使用以下脚本 -
<!DOCTYPE html>
<html>
<head>
<script src="jquery-1.9.1.min.js"></script>
<script>
function postForm() {
$.ajax({
type: 'POST',
url: 'http://10.0.0.8:9000/demo',
data: {"name" : "test"},
contentType: "application/json; charset=utf-8",
dataType: 'json',
})
}
</script>
</head>
<body>
<form id="ajaxForm" onsubmit="postForm(); return false; " method="post">
<input id="test" type="text" name="name" value="Hello JSON" />
<input type="submit" value="Submit JSON" />
</form>
</body>
</html>
The computer i'm trying to access is running the play framework. 我正在尝试访问的计算机正在运行播放框架。 I am receiving the following error: 我收到以下错误:
OPTIONS http://10.0.0.8:9000/demo
404 (Not Found) jquery-1.9.1.min.js:5 XMLHttpRequest cannot load http://10.0.0.8:9000/demo
. 选项http://10.0.0.8:9000/demo
404(未找到)jquery-1.9.1.min.js:5 XMLHttpRequest无法加载http://10.0.0.8:9000/demo
。 Origin http://localhost:8080
is not allowed by Access-Control-Allow-Origin. Access-Control-Allow-Origin不允许使用http://localhost:8080
。
I've been stumped now for two days, can anyone help me out? 我已经被困了两天了,有人可以帮帮我吗?
Thanks ahead 谢谢你
The problem is that you're trying to make a cross-origin call (from http://localhost:8080
to http://localhost:9000
). 问题是你正在尝试进行跨源调用(从http://localhost:8080
到http://localhost:9000
)。 That's not allowed by the Same Origin Policy , so the browser is trying to use Cross-Origin Resource Sharing to ask the server if it's okay to allow the cross-origin call. 同源策略不允许这样做,因此浏览器尝试使用跨源资源共享来询问服务器是否可以允许跨源调用。 (That's the OPTIONS
HTTP request you're seeing.) Since the server doesn't reply to the OPTIONS
request with headers allowing the call, it's denied by the browser for security reasons. (这是您正在看到的OPTIONS
HTTP请求。)由于服务器没有回复带有允许调用的标头的OPTIONS
请求,因此出于安全原因,浏览器会拒绝该请求。
The SOP applies to all true "ajax" calls (eg, ones via XMLHttpRequest
). SOP适用于所有真正的“ajax”调用(例如,通过XMLHttpRequest
调用)。 You can either: 你可以:
Update the server to implement the response to the OPTIONS
request passing back the headers to allow the call (which will make it work on most modern browsers ), or 更新服务器以实现对OPTIONS
请求的响应,传回标头以允许调用(这将使其适用于大多数现代浏览器 ),或者
Make the request to the same port (I'm guessing there's a reason you're not doing that), so the request is to the same origin and the SOP doesn't apply, or 请求到同一个端口(我猜你有没有这样做的原因),所以请求是相同的来源,SOP不适用,或者
Switch over to using JSON-P
. 切换到使用JSON-P
。 But JSON-P
is inappropriate for form submissions because it's a GET
, and GET
operations are meant to be idempotent , which most form submissions aren't. 但JSON-P
不适合表单提交,因为它是一个GET
,而GET
操作意味着是幂等的 ,大多数形式的提交都不是。 So unless this happens to be an idempotent form submission (for instance, a search), using JSON-P would be a hack at best. 因此,除非这恰好是幂等表单提交(例如,搜索),否则使用JSON-P将是最好的黑客攻击。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.