访问控制允许起源错误
[英]Access-Control-Allow-Origin error
问题描述
I make AJAX calls to the same domain as the origin. 
我将AJAX调用发送给与原始域相同的域。 For example the origin is http://foo.com/folder/index.php and the domain in my AJAX call is going to http://foo.com/folder/finder.php . 例如,源是http://foo.com/folder/index.php ,而我的AJAX调用中的域是http://foo.com/folder/finder.php 。 So my AJAX call looks basicly like this : 所以我的AJAX呼叫基本上看起来像这样:
var url = "http://foo.com/folder/finder.php?";
request = createRequest();
request.open("GET", url, true);
request.onreadystatechange = confirmCall;
request.send(null);
In this case finder.php gives me a directory list back. 在这种情况下, finder.php给了我一个目录列表。 request is a global var. request是一个全局变量。 The AJAX call itself works perfect. AJAX调用本身可以完美运行。
While having no problem with CORS issues with different browsers on my computer other people getting the typical CORS Access-Control-Allow-Origin forbidden error. 尽管我的计算机上的不同浏览器没有发生CORS问题,其他人却遇到了典型的CORS Access-Control-Allow-Origin禁止错误。 Strange in this sense is that they get this error not always. 从这个意义上讲,奇怪的是,他们并非总是会收到此错误。
Please note : I red most of the relevant links to CORS, such as MDM for instance. 请注意:我将大多数与CORS相关的链接都涂成红色,例如MDM。 They all refer to cross domain calls as this is the issue. 他们都提到跨域调用,因为这是问题所在。
But I defenetly not making calls to cross domains. 但是我毫不犹豫地不拨打跨域电话。 Or do I oversee something? 还是我监督什么? Please, can anyone help me on this issue having the same problem ? 请,有人在这个问题上也可以帮助我吗?
1 个解决方案
解决方案1
1 已采纳 2015-07-05 15:47:26
Since this seems to have fixed the problem, I'll write an answer to cover it so you can finish this question. 由于这似乎已经解决了问题,所以我会写一个答案来解决它,以便您可以完成此问题。
If your server accepts both http://www.foo.com/folder/index.php and http://foo.com/folder/index.php (which is not uncommon), then you have to be very careful about how you request your Ajax calls because if someone types http://www.foo.com/folder/index.php into the browser bar so that's the URL used for the web page, but then your Ajax requests goes to http://foo.com/folder/finder.php , then the browser will complain that http://foo.com is not the same origin as http://www.foo.com and will refuse to make the Ajax call for cross origin security reasons. 如果您的服务器同时接受http://www.foo.com/folder/index.php和http://foo.com/folder/index.php (这并不罕见),那么您必须非常注意如何您之所以请求Ajax调用,是因为如果有人在浏览器栏中键入http://www.foo.com/folder/index.php ,因此这是用于网页的URL,但是您的Ajax请求将转到http://foo.com/folder/finder.php ,那么浏览器将抱怨http://foo.com与http://www.foo.com来源不同,并且出于跨来源安全性的考虑,将拒绝进行Ajax调用。
There are a couple of ways to fix this. 有两种方法可以解决此问题。 First off, you can fix it server-side by auto-redirecting http://foo.com to http://www.foo.com so all Ajax requests come from http://www.foo.com and then use that domain in your Ajax URLs. 首先,您可以通过将http://foo.com自动重定向到http://www.foo.com来在服务器端进行修复,以便所有Ajax请求都来自http://www.foo.com ,然后使用该请求您的Ajax网址中的域名。
Or, on the client side, you can make all your URLs be domain relative so they automatically use whichever domain the web page is using. 或者,在客户端,您可以使所有URL都是相对于域的,以便它们自动使用网页所使用的任何域。 So, instead of requesting your Ajax URL as http://foo.com/folder/finder.php? 因此,不是将您的Ajax URL请求为http://foo.com/folder/finder.php? , you would use /folder/finder.php? ,您会使用/folder/finder.php? . 。 The browser will automatically use the same domain the web page is loaded from and thus no cross-origin issue. 浏览器将自动使用从中加载网页的同一域,因此不会出现跨域问题。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.