如何修复跨域请求阻止针对ajax请求(在Firefox中)?
[英]How to fix Cross-Origin Request Blocked for ajax request (in Firefox)?
问题描述
I get the following error from an ajax request in Firefox: 
我从Firefox中的ajax请求中收到以下错误:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://www.example.org/php/save.php. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).
I tried to find out why this is happening. 我试图找出原因。 It is strange since 因为这很奇怪
- the script works totally fine on my subdomain on the same server 该脚本在同一服务器上的子域上完全可以正常运行
- the file accessed is on the same server 访问的文件在同一服务器上
I also tried 我也试过
xhttp = new XMLHttpRequest({mozSystem: true});
as suggested here: https://stackoverflow.com/a/22392080 如此处建议的那样: https : //stackoverflow.com/a/22392080
But that did not help either. 但这也无济于事。
I am using the following command to open the request: 我正在使用以下命令打开请求:
xhttp.open('POST', '/php/save.php', true);
I found a number of other solution for when the file is on another server: 当文件在另一台服务器上时,我发现了许多其他解决方案:
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "*"
</IfModule>
But I don't see why I should do this if the file is actually on the same server... 但是我不明白如果文件实际上在同一台服务器上,为什么我应该这样做呢?
Edit 编辑
I removed the following two lines from my .htaccess file and now it works. 我从.htaccess文件中删除了以下两行,现在可以使用了。
RewriteCond %{HTTP_HOST} !^www\.example\.org$ [NC]
RewriteRule .? http://www.example.org%{REQUEST_URI} [R=301,L]
Though I am not sure why... maybe the adding of www. 虽然我不确定为什么...也许是www.的添加www. works like moving to a subdomain? 就像移到子域一样?
What would I have to add to my .htaccess file to get it to work with ajax and the rewrite? 我需要添加什么到.htaccess文件中才能使其与Ajax和重写一起工作?
2 个解决方案
解决方案1
1 已采纳 2017-01-24 11:37:17
This is what solved my problem - though I am not sure why. 这就是解决我的问题的方法-尽管我不确定为什么。 Instead of the rewrite I used before I use: 在使用之前,我没有使用重写:
RewriteCond %{HTTP_HOST} !^www\.example\.org$ [NC]
RewriteRule ^(.*)$ http://www.example.org/$1 [R=301,L]
解决方案2
0 2017-01-24 08:13:16
For security reasons, browsers restrict cross-origin HTTP requests initiated from within scripts. 出于安全原因,浏览器限制了从脚本内部发起的跨域HTTP请求。 For example, XMLHttpRequest and Fetch follow the same-origin policy. 例如,XMLHttpRequest和Fetch遵循同源策略。 So, a web application using XMLHttpRequest or Fetch could only make HTTP requests to its own domain. 因此,使用XMLHttpRequest或Fetch的Web应用程序只能向其自己的域发出HTTP请求。
To enable your request across different domain you could: 要跨不同域启用您的请求,您可以:
- Enable cross-origin resource sharing (recommended) 启用跨域资源共享(推荐)
CORS is a standard mechanism that can be used by all browsers for implementing cross-domain requests. CORS是一种标准机制,所有浏览器都可以使用它来实现跨域请求。 You specify a set of headers that allow the browser and server to communicate. 您指定一组标题,以允许浏览器和服务器进行通信。
Useful resource: http://enable-cors.org/ 有用的资源: http : //enable-cors.org/
Use a reverse proxy.
使用反向代理。 Use JSONP (works only if you need to read data).
使用JSONP(仅在需要读取数据时才有效)。
More infos: https://en.wikipedia.org/wiki/Cross-origin_resource_sharing 更多信息: https : //en.wikipedia.org/wiki/Cross-origin_resource_sharing
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.