Access-Control-Allow-Origin不允许使用Origin url
[英]Origin url is not allowed by Access-Control-Allow-Origin
问题描述
I know there are many questions already regarding this error. 
我知道关于这个错误已经有很多问题了。 But, I'm still not able to get this working even after setting the header 但是,即使在设置标题之后,我仍然无法使其工作
"Access-Control-Allow-Origin" : "*"
on my server side. 在我的服务器端。
Here is my spring mvc controller method: 这是我的spring mvc控制器方法:
@RequestMapping(method=RequestMethod.GET, value="dummy/{num}")
@ResponseBody
public ResponseEntity<Result> dummy(@PathVariable String num)
{
int n = Integer.parseInt(num);
final Result result = new Result();
result.setAddition(n+20);
result.setMultiplication(n*20);
result.setSubtraction(n-20);
HttpHeaders headers = new HttpHeaders();
headers.add("Access-Control-Allow-Origin", "*");
ResponseEntity<Result> ent = new ResponseEntity<Result>(result,headers,HttpStatus.CREATED);
return ent;
}
And here is my AJAX call from Jquery 这是我从Jquery调用的AJAX
$.ajax({
url: "http://localhost:8010/Probe_Rest_Service/test/dummy/9",
type: "get",
crossDomain: true,
dataType: 'json',
headers: {
"Content-type" : "application/json"
},
success: function(data){
console.log("It worked!");
alert(data);
},
error: function(){
// enable the inputs
alert("error");
}
});
I tried calling my REST api from dev-http client for chrome and it works fine (the response header has Access-Control-Allow-Origin:* set) . 我尝试从dev-http客户端调用我的REST api进行chrome操作并且工作正常(响应头具有Access-Control-Allow-Origin:* set)。 But, when i call it from my html file, i get the error. 但是,当我从我的html文件中调用它时,我得到了错误。
I use JBoss for my rest api and tomcat for hosting my client webpage 我使用JBoss作为我的rest api和tomcat来托管我的客户端网页
1 个解决方案
解决方案1
3 已采纳 2013-03-19 21:20:09
Since you're sending the request with content type application/json the client is forced to do a CORS pre-flight request. 由于您使用内容类型application/json发送请求,因此客户端被迫执行CORS飞行前请求。
The CORS specification says that any content type other than application/x-www-form-urlencoded , multipart/form-data , or text/plain requires a pre-flight request to determine whether the header is allowed. CORS规范说,除application/x-www-form-urlencoded , multipart/form-data或text/plain之外的任何内容类型都需要一个飞行前请求来确定是否允许标头。
Therefore, you'll need to handle the pre-flight request (HTTP method = OPTIONS ). 因此,您需要处理飞行前请求(HTTP方法= OPTIONS )。
To make it simple, let the server respond with the header: 为简单起见,让服务器使用标头进行响应:
Access-Control-Allow-Headers: *
That will allow all request headers. 这将允许所有请求标头。
UPDATE UPDATE
I read your question again, and found something I don't understand: Why are you sending the Content-Type header in the first place for an HTTP GET request? 我再次阅读了你的问题,发现了一些我不明白的问题:为什么你首先要发送一个HTTP-GET请求的Content-Type标题? This is not correct. 这是不正确的。
Just remove 只需删除
headers: {
"Content-type" : "application/json"
}
and try again. 然后再试一次。 That might fix it! 这可能会解决它!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.