
How do CORS response headers prevent browser javascript to access response object?

So I am running two applications, foo.com and bar.com, using traditional CGI scripts on an Apache server. I make an AJAX request from foo to bar. The request makes it to bar and executes, but because the Apache server does not add any CORS headers, the browser says the request failed.

The CORS documentation on MDN explains that the browser JavaScript doesn't know the specifics of the failure, it just knows that the response failed.

My question is, does the response object contain the response returned by my CGI script and the browser just chose to show this as an error because it couldn't find the Access-Control-Allow-Origin header?

From my inspection of the response object, it seems that the Apache server did not send the response from the CGI script's output at all.

It is unclear who is responsible for containing the response here:

  • Is it the Apache server?

  • Is it the fetch/XMLHTTP API?

Note: I used jQuery to make the AJAX calls.

How do CORS response headers prevent browser javascript to access response object?

They don't. Your JS being unable to access the response data is the default behaviour. CORS headers can grant permission that would be denied by default.

The Same Origin Policy is implemented by the browser. The server doesn't know about it (except in so much as it might be explicitly configured to send CORS headers in the response).

The browser receives the HTTP response, determines that permission was not granted, and generates a response object saying as much, which it provides to the JavaScript program.
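The sequence described in the answer above, as an added example that is not part of the original question or answer: a constructed JavaScript model (not real browser code) of the server always returning its output and the browser deciding what the script may see. The names `barCgi`, `corsCheck` and `browserFetch` are hypothetical, and the request is assumed to be a simple one that needs no preflight.

```javascript
// Constructed model of the browser-side decision; not real browser code.
// Stand-in for the CGI script on bar.com: it always runs and always
// returns its body. The server enforces nothing.
let cgiRuns = 0;
function barCgi(allowOrigin) {
  cgiRuns += 1;
  const headers = { 'content-type': 'text/plain' };
  if (allowOrigin) headers['access-control-allow-origin'] = allowOrigin;
  return { status: 200, headers, body: 'output of the cgi script' };
}

// CORS check in the order the Fetch standard gives it: compare the
// response headers with the origin of the page that made the request.
function corsCheck(pageOrigin, headers, withCredentials) {
  const allow = headers['access-control-allow-origin'];
  if (allow === undefined) return false;             // header missing
  if (!withCredentials && allow === '*') return true;
  if (allow !== pageOrigin) return false;            // exact match only
  if (!withCredentials) return true;
  return headers['access-control-allow-credentials'] === 'true';
}

// What the browser hands to the script after it has received the response.
function browserFetch(pageOrigin, targetOrigin, serverResponse, withCredentials = false) {
  const sameOrigin = pageOrigin === targetOrigin;
  if (sameOrigin || corsCheck(pageOrigin, serverResponse.headers, withCredentials)) {
    return { ok: true, status: serverResponse.status, body: serverResponse.body };
  }
  // Network error: XHR/jQuery see status 0 and an empty body, fetch()
  // rejects with a TypeError. The cause is only logged to the console.
  return { ok: false, status: 0, body: '' };
}

function demo() {
  cgiRuns = 0;
  const page = 'https://foo.com', target = 'https://bar.com';
  return {
    noHeader: browserFetch(page, target, barCgi(null)),
    allowed: browserFetch(page, target, barCgi(page)),
    wildcardWithCredentials: browserFetch(page, target, barCgi('*'), true),
    cgiRuns, // the script ran on every request, readable or not
  };
}
console.log(demo());
```

In the `noHeader` case the CGI output reached the browser but the script receives only status 0 and an empty body, which is why inspecting the response object from JavaScript shows nothing from the server.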
