'Access-Control-Allow-Origin'标头包含多个值
[英]The 'Access-Control-Allow-Origin' header contains multiple values
问题描述
i'm trying to send get request to api like it's a login url 
我正在尝试向api发送get请求,就像它是一个登录URL
var url = "http://demo.software.travel/gptp/api/authorization?apiKey=****&alias=****&login=****&password=****"
$.get(url, function(data) {
console.log(data);
});
i'm getting this in my console this error 我在我的控制台中收到此错误
XMLHttpRequest cannot load http://demo.software.travel/gptp/api/authorization?apiKey= ****&alias=****&login=****&password=****.
i'm trying to see questions here to solve it but i didn't get what i need to change, this is annoying actually. 我试图在这里看到问题来解决它,但我没有得到我需要改变的东西,实际上这很烦人。
The 'Access-Control-Allow-Origin' header contains multiple values
this solved by asp.net web.congif
By the way i'm using CHROME BROWSER any help i appreciate. 顺便说一句,我正在使用CHROME BROWSER,我欣赏任何帮助。
UPDATE response headers: UPDATE响应标头:
Access-Control-Allow-Credentials:true
Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:origin, x-requested-with, Content-Type, accept, Token
Access-Control-Allow-Methods:GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS
Access-Control-Allow-Origin:http://travellights.net
Access-Control-Allow-Origin:*
Connection:close
Content-Encoding:gzip
Content-Type:application/json;charset=utf-8
Date:Thu, 02 Jun 2016 16:41:18 GMT
Server:nginx/1.1.19
Set-Cookie:JSESSIONID=51FEE1A1206B9B481DD3EEA4167A9256; Path=/gptp
Vary:Origin
Vary:Accept-Encoding
X-UA-Compatible:IE=EmulateIE7
Request Headers: 请求标题:
Accept:application/json, text/javascript, */*; q=0.01
Accept-Encoding:gzip, deflate, sdch
Accept-Language:en-US,en;q=0.8,ar;q=0.6,en-GB;q=0.4
Connection:keep-alive
Host:demo.software.travel
Origin:http://travellights.net
Referer:http://travellights.net/b2b/Pages/login?
User-Agent:Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36
2 个解决方案
解决方案1
4 已采纳 2016-06-02 16:24:51
You are attempting to do Cross-origin resource sharing (CORS) which is a mechanism that allows restricted resources on a web page to be requested from another domain outside the domain from which the resource originated. 您正在尝试执行跨源资源共享(CORS),这是一种允许从源自该资源的域之外的另一个域请求网页上的受限资源的机制。 (such as accessing fonts or JSON files). (例如访问字体或JSON文件)。
Browsers restrict your access to resources from other origins as of Same-origin policy as a security measure for internet users. 浏览器限制您从同源策略访问其他来源的资源,作为互联网用户的安全措施。
To get around this issue you have to options: 要解决此问题,您必须选择:
- allow CORS on the domain http://demo.software.travel (but there is are security concerns, more description about it here: https://www.owasp.org/index.php/HTML5_Security_Cheat_Sheet#Cross_Origin_Resource_Sharing ) 允许域http://demo.software.travel上的CORS(但是存在安全问题,更多关于它的描述: https : //www.owasp.org/index.php/HTML5_Security_Cheat_Sheet#Cross_Origin_Resource_Sharing )
Enable CORS on the server to be able to access other domains through. 在服务器上启用CORS以便能够访问其他域。 this can be done by adding the following headers to responses: 这可以通过在响应中添加以下标头来完成:
Access-Control-Allow-Origin: http://travellights.net Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
- if you are not granted resource sharing with that domain, you are allowed to use JSONP for read only operations (JSONP is inherently read-only) 如果未授予您与该域的资源共享,则允许您将JSONP用于只读操作(JSONP本质上是只读的)
JSONP wraps a JSON object in a callback, which technically makes the request a non-restricted resource (a script tag) hence can be shared across domains. JSONP在回调中包装JSON对象,这在技术上使请求成为非受限资源(脚本标记),因此可以跨域共享。
it can be done via vanilla js by adding a script tag onto the page. 它可以通过在页面上添加脚本标签来通过vanilla js完成。
function process(data) {
// do stuff with JSON
}
var script = document.createElement('script');
script.src = '//domainURL?callback=process'
document.getElementsByTagName('head')[0].appendChild(script);
or you can use jquery to achieve the same: 或者您可以使用jquery来实现相同的目标:
$.ajax({enter code here
url: "http://query.yahooapis.com/v1/public/yql",
jsonp: "callback",
dataType: "jsonp",
data: {
q: "select title,abstract,url from search.news where query=\"cat\"",
format: "json"
},
success: function( response ) {
console.log( response ); // server response
}
});
jquery documentation: https://learn.jquery.com/ajax/working-with-jsonp/ jquery文档: https : //learn.jquery.com/ajax/working-with-jsonp/
解决方案2
3 2017-10-24 18:32:58
If you set "Full" CORS (with OPTION pre-request) on in nginx by add 'access-control-allow-origin *' and independently you add that header (for Simple CORS - without OPTION pre-request) to each response in SERVER (eg. php): 如果你通过添加'access-control-allow-origin *'在nginx中设置“Full”CORS (带有OPTION预请求)并且单独添加那个头(对于Simple CORS - 没有OPTION预请求)到每个响应中SERVER(例如php):
header('Access-Control-Allow-Origin', "*");
Then you will get this problem. 那你就会遇到这个问题。 Solution: remove code which add this header in server if already you add this header in your nginx config :) 解决方案:删除在服务器中添加此标头的代码,如果已经在nginx配置中添加此标头:)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.