
Why am I getting Access-Control-Allow-Origin error when trying to use ajax to access a page?

I'm trying to use ajax to access some data on my website from a script that I want to be able to run anywhere. The ajax code from my script looks something like this

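var ajax = new XMLHttpRequest();
ajax.open('GET', 'http://mywebsite.com/page?i=2&json', true);
ajax.onreadystatechange = function() {
  // Only read the response once the request has completed (readyState 4);
  // in earlier states responseText may be partial and JSON.parse would throw.
  if (ajax.readyState !== 4) return;
  if (ajax.status == 200) {
    console.log(JSON.parse(ajax.responseText));
  }
  else
    console.log('Could not connect.');
};
ajax.send();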

But when I run it I get the error

XMLHttpRequest cannot load http://mywebsite.com/page?i=2&json . Origin http://anotherwebsite.com is not allowed by Access-Control-Allow-Origin.

On the script on my website I have the following lines inside of page,

header('Content-Type: application/json');
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET');

But I still get the same error. I want that page on my website to be accessible from any other page on the Internet via ajax, because my script is an extension that should be usable on any website.

EDIT: Ok I got this working if I set the 'withCredentials' attribute on the ajax object to true and on my server send back Access-Control-Allow-Credentials header set to true. Then with my script I also passed the domain so it can be returned in Access-Control-Allow-Origin on my server script. The wildcard * didn't work. This is only tested in Chrome so far.

Most browsers won't let you do cross-domain ajax, so what you could do is make a call to a local server-side script that makes the cross-domain request and gives the answer back to your JavaScript. I have heard it called a "proxy script", and it is the only reliable solution I know.

step 1: javascript on otherdomain.com --GET--> server-side script on otherdomain.com
step 2: server-side script on otherdomain.com --GET--> mywebsite.com/page?i=2&json
step 3: mywebsite.com/page?i=2&json --JSON--> server-side script on otherdomain.com
step 4: server-side script on otherdomain.com --JSON--> javascript on otherdomain.com
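
The EDIT in the question replaces the wildcard with an echoed origin plus Access-Control-Allow-Credentials. The following is an added example, not part of the original thread, showing how a server can choose those headers and a simplified model of the browser check they must pass. ALLOWED_ORIGINS, corsHeaders and browserAllowsRead are hypothetical names, and the model covers only a simple GET without preflight.

```javascript
// Added example: server-side header choice plus the browser-side check.
// ALLOWED_ORIGINS and both function names are hypothetical.
const ALLOWED_ORIGINS = new Set(['http://anotherwebsite.com']); // constructed sample

// Decide which CORS headers the server sends for a request from requestOrigin.
function corsHeaders(requestOrigin, { credentials }) {
  if (!credentials) {
    // Public data served without cookies: the wildcard is valid here.
    return { 'Access-Control-Allow-Origin': '*' };
  }
  // Credentialed responses need one explicit origin. Echo it only when it is
  // on the allowlist; reflecting any caller-supplied value would let every
  // site read the logged-in user's data.
  if (!ALLOWED_ORIGINS.has(requestOrigin)) return {};
  return {
    'Access-Control-Allow-Origin': requestOrigin,
    'Access-Control-Allow-Credentials': 'true',
    'Vary': 'Origin', // caches must not reuse this response for another origin
  };
}

// Simplified model of the browser's decision to expose the response to script.
function browserAllowsRead(pageOrigin, headers, withCredentials) {
  const allow = headers['Access-Control-Allow-Origin'];
  if (withCredentials) {
    // In credentials mode '*' is rejected and the credentials header
    // must be exactly "true".
    return allow === pageOrigin &&
      headers['Access-Control-Allow-Credentials'] === 'true';
  }
  return allow === '*' || allow === pageOrigin;
}
```

If the endpoint returns the same data to everyone, leaving withCredentials off and sending the wildcard avoids the need for an allowlist.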
