从CORS策略阻止从源"http://localhost"访问"..."处的XMLHttpRequest [英] Access to XMLHttpRequest at '...' from origin 'http://localhost' has been blocked by CORS policy

问题描述

我正在尝试使用javascript演示api调用以获取Json结果.这是我所做的:

I'm trying to demo an api call with javascript to get Json result. Here is what I did:

<!DOCTYPE html>
<html>
    <head>
    </head>
        <script src="https://canvasjs.com/assets/script/jquery-1.11.1.min.js"></script>
    <body>
        <div class="render-form">
            <script>
                $(document).ready(function() {
                    $.ajax({
                        type: 'GET',
                        headers:{    
                            'Accept': 'application/json',
                            'Content-Type': 'application/json',
                            'Access-Control-Allow-Origin': '*' 
                        },
                        url: 'http://127.0.0.1:8080/activiti-rest/service/form/form-data?taskId=21159',
                        dataType: 'json',
                        success: function (data) {
                            alert(JSON.stringify(data));
                        }
                    });
                })
            </script>
        </div>
    </body>
</html>

但是当我运行它时，出现了一个错误:

But when I run it, I got an error:

通过' http://127.0.0.1:8080/activiti-rest/service/form/form-data?taskId = 21159 '从来源' http://localhost"已被CORS策略阻止:对预检请求的响应未通过访问控制检查:所请求的资源上没有"Access-Control-Allow-Origin"标头.

Access to XMLHttpRequest at 'http://127.0.0.1:8080/activiti-rest/service/form/form-data?taskId=21159' from origin 'http://localhost' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

在这里搜索了很多帖子之后，我添加了:

After searching many post in here, I added:

headers:{    
    'Accept': 'application/json',
    'Content-Type': 'application/json',
    'Access-Control-Allow-Origin': '*' 
},

但是它仍然无法解决该错误.我该如何解决?
任何答复将不胜感激！
非常感谢你！ 

But it still not work with that error. How should I fix this?
Any reply would be very appreciate!
Thank you very much!  

推荐答案

如果您正在Tomcat上运行Activiti框架，则可以通过过滤器在Tomcat中配置CORS支持.您需要将此过滤器添加到web.xml文件中，并对其进行配置以符合您的要求.

If you are running the Activiti framework on Tomcat, you can config CORS support in Tomcat via a filter. You need to add this filter to your web.xml file and configure it to match your requirements.

查看Tomcat的文档:
http://tomcat.apache.org/tomcat-8.0-doc/config/filter.html#CORS_Filter

Check Tomcat's documentation:
http://tomcat.apache.org/tomcat-8.0-doc/config/filter.html#CORS_Filter

还请注意:

• 正如@Quentin在评论中指出的那样，您使用的是jQuery版本，该版本已有5年历史，并且可能过时.
• 您在ajax请求中使用的 Access-Control-Allow-Origin 标头是响应标头，而不是请求标头，因此应为服务器在响应中返回的值.您不能在请求中使用响应头.

• As @Quentin pointed out in a comment you are using a jQuery version that is 5 years old and dangerously out of date.
• The Access-Control-Allow-Origin header you are using in your ajax request is a response header, not a request header, so it should be returned by the server in the response. You can't use response headers in a request.

这篇关于从CORS策略阻止从源"http://localhost"访问"..."处的XMLHttpRequest的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！