Access-Control-Allow-Origin not working correctly
Question
I'm making a cross domain POST request. I added Access-Control-* headers to the web server, but Google Chrome javascript console raises:
XMLHttpRequest cannot load http://api.sharee.dev:3000/assets.json. Origin http://sharee.dev:4000 is not allowed by Access-Control-Allow-Origin.
POST http://api.sharee.dev:3000/assets.json undefined (undefined)
Here are all the packets that are transferred during the request: http://pastie.org/1882455
As you can see it stills sends the POST request after OPTIONS request. It doesn't work in Firefox either. Firefox shows that POST request was sent to the server and the response code was 200, but the response itself is empty.
4 answers
solution1
2 ACCPTED 2011-05-10 03:25:49
The Access-Control-Allow-Origin and Access-Control-Allow-Credentials headers should be a part of any CORS response (including the preflight OPTIONS request and the POST request). Your current example shows them only on the OPTIONS response.
solution2
1 2012-02-02 10:47:21
you can check the answer for the following post in superuser. I had happened to post the problem on chromium-dev google groups a while back.
solution3
0 2011-05-09 21:15:57
Grappling with exactly the same myself but with my server access, finally proxied all such calls to get it running. But this will not be ideal in distribution. Have you tried matching up headers and/or values requested vs. those responded? Also, in my research, browser version can play. Please give the exact versions you are debugging now.
solution4
0 2011-05-09 21:33:23
我认为您还需要在POST响应上放置Access-Control标头?
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.