跨域请求被阻止:“相同来源策略”不允许读取远程资源
[英]Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource a
问题描述
I have written a font file in the response in my code.The response code is working fine.But when i call that code from its url,i get the following error: "Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at" and it automatically turns off my server. 
我已经在响应中的代码中编写了一个字体文件。响应代码可以正常工作。但是,当我从其url调用该代码时,出现以下错误:“跨域请求被阻止:相同的原产地政策不允许阅读远程资源位于”,它将自动关闭我的服务器。
But sometimes same code works......but maximun time it does not work. 但是有时候相同的代码可以工作……但是最长的时间却无法工作。 I am using tomcat 7 with netbeans 7 and jdk1.6 package Here is the part of my code. 我将tomcat 7与netbeans 7和jdk1.6包一起使用这是我的代码的一部分。 Hope i get my ans as i am really confused what to search for. 希望我能得到答案,因为我真的很困惑要搜索什么。
File file = new File(SubsettedSavedPath);
byte[] buffer = new byte[(int)file.length()];
FileInputStream fis = new FileInputStream(file);
fis.read(buffer, 0, buffer.length);
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "x-requested-with,Access-Control- Allow-Origin,FTPConectionClosed,CopyStreamException,Access-Control-Allow-Methods,Access-Control-Max-Age");
response.setContentType("font/ttf");
System.out.println("File Size"+file.length());
response.setContentLength((int) file.length());
OutputStream os = response.getOutputStream();
try {
os.write(buffer);
os.flush();
} catch (Exception excp) {
excp.printStackTrace();
} finally {
os.close();
fis.close();
}
3 个解决方案
解决方案1
0 2014-08-24 11:21:02
尝试对具体域而不是*使用Access-Control-Allow-Origin 。
解决方案2
0 2014-10-15 05:42:50
Use Access-Control-Allow-Origin value equal to requested domain name instead of * . 使用等于请求的域名的Access-Control-Allow-Origin值代替* 。
String uri = request.getScheme() + request.getServerName();
response.setHeader("Access-Control-Allow-Origin", uri);
解决方案3
0 2016-09-09 11:35:05
Tomcat 7 has an integrate library for setting the cors filter. Tomcat 7具有用于设置cors过滤器的集成库。 You do not have to import any library for the following to work: 您无需导入任何库即可执行以下操作:
Just set the allowed 'cors.allowed.origins' websites in web.xml. 只需在web.xml中设置允许的“ cors.allowed.origins”网站。 You can put multiple comma separated values. 您可以放置多个逗号分隔的值。
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>http://www.the-target-domain.com</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
In JavaScript I do a GET call to " http://www.the-target-domain.com/ ...". 在JavaScript中,我对“ http://www.the-target-domain.com/ ...”进行了GET调用。
By setting the CorsFilter in the web.xml configuration, I assure Firefox that it is ok for the JavaScript to access that site. 通过在web.xml配置中设置CorsFilter,我向Firefox保证JavaScript可以访问该站点。
There is a great answer by Pere Barceló, that you can set directly in Apache Tomcat http://tomcat.apache.org/tomcat-7.0-doc/config/filter.html#CORS_Filter PereBarceló有一个很好的答案,您可以直接在Apache Tomcat中设置http://tomcat.apache.org/tomcat-7.0-doc/config/filter.html#CORS_Filter
similar uestions: Set CORS header in Tomcat Access-Control-Allow-Origin: * in tomcat 类似的想法: 在Tomcat Access-Control-Allow-Origin中 设置CORS标头 :*在tomcat中
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.