Access-Control-Allow-Origin不允许Origin,但定义了通配符?
[英]Origin is not allowed by Access-Control-Allow-Origin but wildcard is defined?
问题描述
I'm working on a project (frontend) that will communicate with an other one (API) in an other domain. 
我正在开发一个项目(前端),它将与另一个域中的另一个(API)进行通信。
For now, I'm working in local, with this configuration : 现在,我正在本地工作,具有以下配置:
- Frontend :
http://127.0.0.1:9000前端 : http://127.0.0.1:9000:http://127.0.0.1:9000:http://127.0.0.1:9000 - API :
http://127.0.0.1:9100API : http://127.0.0.1:9100:http://127.0.0.1:9100:http://127.0.0.1:9100
In my API program, I defined an OPTIONS request that returns these headers along with a HTTP status code 200 : 在我的API程序中,我定义了一个OPTIONS请求,它返回这些标头以及HTTP状态代码200:
Access-Control-Allow-Headers:accept, origin, x-requested-with, content-type
Access-Control-Allow-Methods:GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Origin:*
Access-Control-Max-Age:15
Content-Length:0
Using jQuery, I make an Ajax request to this url. 使用jQuery,我向这个url发出Ajax请求。 As an example, here's the Request header for the OPTIONS query : 例如,这是OPTIONS查询的Request标头:
Accept:*/*
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:fr-FR,fr;q=0.8,en-US;q=0.6,en;q=0.4
Access-Control-Request-Headers:accept, origin, x-requested-with, content-type
Access-Control-Request-Method:POST
Connection:keep-alive
Host:127.0.0.1:9100
Origin:http://127.0.0.1:9000
Referer:http://127.0.0.1:9000/login
User-Agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31
This goes with success (Status code : 200 OK), and then a POST is made to the http://127.0.0.1:9100/auth/login , as expected, but I got this in my Network panel : 这取决于成功(状态代码:200 OK),然后按预期对http://127.0.0.1:9100/auth/login进行POST,但我在网络面板中得到了这个:
Status : Canceled |
If I look in the console, I got this error : 如果我查看控制台,我收到此错误:
XMLHttpRequest cannot load
http://127.0.0.1:9100/auth/login.http://127.0.0.1:9100/auth/login。 Originhttp://127.0.0.1:9000is not allowed by Access-Control-Allow-Origin.http://127.0.0.1:9000。
But, as we can see, Access-Control-Allow-Origin is defined as "*". 但是,正如我们所看到的,Access-Control-Allow-Origin被定义为“*”。 I also tried to change it to "127.0.0.1:9000" and " http://127.0.0.1:9000 ", the same error appears on the console. 我还尝试将其更改为“127.0.0.1:9000”和“ http://127.0.0.1:9000 ”,控制台上出现相同的错误。
Now, some details about my jQuery ajax command. 现在,关于我的jQuery ajax命令的一些细节。 The ajax itself is quite simple : ajax本身很简单:
jQuery.ajax({
'url': '/auth/login',
'type': 'POST',
'data': {'login': 'abc', 'password': 'def'},
'timeout': 15000
}).done(function (data, status, xhr) {
console.log ('ok');
}).fail(function (xhr, status, description) {
console.error('oups');
});
But the Base URL for the API is added after, via the jQuery.ajaxPrefilter method : 但是,通过jQuery.ajaxPrefilter方法添加API的基本URL:
jQuery.ajaxPrefilter (function (options) {
var url = document.createElement('a');
url.href = options.url;
options.url = 'http://127.0.0.1:9000' + url.pathname;
});
This is made in order to avoid changing multiple files when the url changes. 这是为了避免在URL更改时更改多个文件。 I don't know if this is the origin of the problem, but so far I can't make the POST request works even if everything regarding the CORS configuration seems to be ok. 我不知道这是否是问题的根源,但到目前为止我无法使POST请求工作,即使有关CORS配置的一切似乎都没问题。
What did I do wrong ? 我做错了什么 ?
1 个解决方案
解决方案1
1 已采纳 2013-04-24 12:16:39
Ok the answer is quite simple in fact, but you need it to know. 好的答案其实很简单,但你需要知道。
The Headers doesn't only be made available on the OPTIONS request, but on ALL the request (even the GET/POST/PUT/DELETE requests). Headers不仅可以在OPTIONS请求中使用,而且可以在所有请求上使用(甚至是GET / POST / PUT / DELETE请求)。
That's why it wasn't working for me. 这就是为什么它不适合我。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.