尽管设置了PHP标头和.htaccess文件,但我收到了CORS错误
[英]I am getting CORS errors despite setting PHP headers and .htaccess file
问题描述
I have had a lot of success securely allowing CORS but I have tried with another page and it's not working. 
我已经取得了很多成功,安全地允许CORS,但我尝试了另一个页面,但它无法正常工作。 I hope someone can tell me what I'm missing. 我希望有人可以告诉我我错过了什么。 I know that * is insecure, but I'm trying that just to eliminate the site name as a variable. 我知道*是不安全的,但我正在尝试将网站名称作为变量消除。
.htaccess file .htaccess文件
Header add Access-Control-Allow-Origin "*"
Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type"
Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"
and the top of my php file: 和我的PHP文件的顶部:
// Allow from any origin just for testing...
if (isset($_SERVER['HTTP_ORIGIN'])) {
// in production, no *, but using my real domain
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Credentials: true');
header('Access-Control-Max-Age: 86400');
}
// Access-Control headers are received during OPTIONS requests
if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))
header("Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS");
if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']))
header("Access-Control-Allow-Headers: {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");
}
When accessing the php file with an ajax request, I receive: Access to XMLHttpRequest at ' https://sitename.000webhostapp.com/ ' from origin ' https://samesitename.com ' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. 当使用ajax请求访问php文件时,我收到:来自' https://samesitename.com '的' https://sitename.000webhostapp.com/ '访问XMLHttpRequest已被CORS策略阻止:没有'访问权限-Control-Allow-Origin'标头出现在请求的资源上。
It works in Postman. 它适用于邮递员。 Here is header info: 这是标题信息:
Date →Mon, 29 Apr 2019 18:50:03 GMT
Content-Type →text/html; charset=UTF-8
Transfer-Encoding →chunked
Connection →keep-alive
Access-Control-Allow-Origin →*
Access-Control-Allow-Headers →origin, x-requested-with, content-type
Access-Control-Allow-Methods →PUT, GET, POST, DELETE, OPTIONS
Server →awex
X-Xss-Protection →1; mode=block
X-Content-Type-Options →nosniff
X-Request-ID →18341eb6e5c7e5f483d8dd3a3a492b9c
Content-Encoding →gzip
The bigger story is that I'm hosting the main site on firebase which doesn't support PHP, so I put the php files on 000webhostapp.com as a workaround. 更大的故事是我在firebase上托管主站点,它不支持PHP,所以我将php文件放在000webhostapp.com上作为解决方法。
1 个解决方案
解决方案1
0 2019-04-29 19:57:51
In case anyone comes across this post with a similar issue, my resolution was to double check the url!!! 如果有人遇到类似问题,我的决议是要仔细检查网址!
I posted that I was checking 我发布了我正在检查
https://sitename.000webhostapp.com/
when I was supposed to reference 当我应该参考
https://sitename.000webhostapp.com/php/mail.php
Thanks to @Phil and @emix for forcing me to check the details. 感谢@Phil和@emix强迫我查看详细信息。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.