CORS,IIS7和PHP - Access-Control-Allow-Origin错误
[英]CORS, IIS7 and PHP - Access-Control-Allow-Origin error
问题描述
i'm trying to allow another host (a local host, like javascript.dev ) to make a xhr to this host, it is an IIS7 and if i curl -I it, this is the headers: 
我试图允许另一个主机(本地主机,如javascript.dev )为这台主机制作一个xhr,它是一个IIS7,如果我curl -I ,它是标题:
HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/7.0
X-Powered-By: PHP/5.3.28
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS
Access-Control-Max-Age: 1000
Access-Control-Allow-Headers: *
X-Powered-By: ASP.NET
Date: Fri, 20 Jun 2014 12:09:33 GMT
this is the headers for curl -v -X OPTIONS : 这是curl -v -X OPTIONS的标题:
* About to connect() to www2.xxxxxxxxxxxx.com.br port 80 (#0)
* Trying 200.98.xxx.100...
* Connected to www2.xxxxxxxxxxxx.com.br (200.98.xxx.100) port 80 (#0)
> OPTIONS /jobs/xxxxxxx/user/ HTTP/1.1
> User-Agent: curl/7.30.0
> Host: www2.xxxxxxxxxxxx.com.br
> Accept: */*
>
< HTTP/1.1 200 OK
< Allow: OPTIONS, TRACE, GET, HEAD, POST
* Server Microsoft-IIS/7.0 is not blacklisted
< Server: Microsoft-IIS/7.0
< Public: OPTIONS, TRACE, GET, HEAD, POST
< X-Powered-By: ASP.NET
< Date: Fri, 20 Jun 2014 13:01:25 GMT
< Content-Length: 0
i used php to change the Access-Control-Allow-Origin , but when i do the xhr, with or without jquery, this is the error i'm getting: 我使用php来改变Access-Control-Allow-Origin ,但是当我使用或不使用jquery执行xhr时,这是我得到的错误:
XMLHttpRequest cannot load http://www2.xxxxxxxx.com.br/jobs/xxxxxx/user/.
No 'Access-Control-Allow-Origin' header is present on the requested resource.
Origin 'http://javascript.dev' is therefore not allowed access.
to document, additional steps i made to solve: 记录,我要解决的其他步骤:
i added code in the answer above to my web.config and get this error: 我在上面的答案中添加了代码到我的web.config并得到此错误:
XMLHttpRequest cannot load http://www2.madeinweb.com.br/jobs/eminhasaude/user.
Request header field Content-Type is not allowed by Access-Control-Allow-Headers.
because Access-Control-Allow-Headers don't accept wildcards * . 因为Access-Control-Allow-Headers不接受通配符* 。 to solve: 解决:
<add name="Access-Control-Allow-Headers" value="Origin, X-Requested-With, Content-Type, Accept" />
1 个解决方案
解决方案1
5 已采纳 2014-06-20 13:24:22
Based upon comments it looks like you're missing the Access-Control-Allow-Origin header when an OPTIONS request is submitted. 基于注释,当提交OPTIONS请求时,您似乎错过了Access-Control-Allow-Origin标头。 According to this article it should be a simple case of adding the following code to your PHP page... 根据这篇文章,它应该是一个简单的例子,将以下代码添加到您的PHP页面...
<?php
header('Access-Control-Allow-Origin: *');
?>
If that still doesn't work then you should check the IIS handler mapping for PHP (see here ) and make sure that OPTIONS is an allowed verb. 如果仍然无效,那么您应该检查PHP的IIS处理程序映射(请参阅此处 )并确保OPTIONS是允许的动词。 Hopefully that does the job! 希望能完成这项工作!
This article also indicates that you could skip modifying the PHP at all and simply add the following to your web.config: 该文章还指出,你可以跳过所有修改PHP,只需添加以下到你的web.config:
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Headers" value="*" />
<add name="Access-Control-Allow-Methods" value="GET, PUT, POST, DELETE, OPTIONS" />
<add name="Access-Control-Max-Age" value="1000" />
</customHeaders>
</httpProtocol>
</system.webServer>
Be aware that this will open up the entire site rather than just one page... 请注意,这将打开整个网站,而不仅仅是一个页面......
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.