仅当url带有www前缀时才会发生CORS错误 [英] CORS error only occuring when url is prefixed with www
问题描述
我目前遇到有关CORS(跨域资源共享)的问题,奇怪的是,这似乎仅在我使用www前缀URL时才发生.
I am currently having an issue regarding CORS (Cross-origin resource sharing) the odd thing being this only seems to happen when i prefix my url using www.
例如,当我使用以下网址访问我的网站时:" http://example.com/index一切正常,并且所有资源均已正确加载.但是,当我尝试使用URL" http://www.example.com/index 访问我的网站时>我收到错误跨域请求被阻止:相同来源策略不允许从http://example.com/index读取远程资源.(原因:CORS标头"Access-Control-Allow-Origin"缺失).
For example when i go to my website using the url: "http://example.com/index" everything works fine and all resources are loaded correctly. however when i try to visit my website using the url "http://www.example.com/index" i get the error Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://example.com/index. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).
我要加载的资源是使用以下代码的XML文件:
The resource i am trying to load is an XML file using the following code:
function loadXML()
{
var xhttp = new XMLHttpRequest();
xhttp.onreadystatechange = function() {
if (this.readyState == 4 && this.status == 200) {
xmlData = xhttp.responseXML;
initStartShot();
}
};
xhttp.open("GET", "http://example.com/XML/someXMLfile.xml", true);
xhttp.send();
}我所有的资源文件都与我的页面位于同一域中.
all my resource files are on the same domain as my page.
i have looked around SO for issues related to mine, but most are about CORS in general, and how to get it to work. but seeing the fact i'm not having any CORS issues without "www" prefixed this doesn't seem applicable to my issue.
很遗憾,我无法共享url本身,但是如果您需要其他任何信息,我会尽力提供.
Unfortunately I am unable to share the url itself, but if you require any other information i'll do my best to provide it.
任何帮助将不胜感激.
〜雷米(Remy)
推荐答案
example.com 和 www.example.com 是不同的起源.为了具有相同的来源,URL方案,主机名和端口必须相同. www.example.com 和 example.com 不是相同的主机名.
example.com and www.example.com are different origins. To be the same origin the URL scheme, hostname, and port must be the same. www.example.com and example.com are not the same hostname.
默认情况下, 允许JavaScript访问来自相同来源的数据.
By default it is allowed for JavaScript to access data from the same origin.
由于您尝试从另一个来源访问一个来源,因此收到有关缺少CORS权限的错误.
You get the error about the missing CORS permissions because you are trying to access one origin from the other.
有几种方法可以解决此问题.
There are several ways you can resolve this.
- 首先不要使用多个来源.选择
example.com和www.example.com中的一种作为规范.配置您的HTTP服务器以发出301从非规范的重定向到规范的重定向. - 使用相对URL.您的绝对URL意味着当您使用错误的来源时,它仍然尝试访问另一个.使用相对网址将使请求的来源与页面相同.
- 配置您的服务器以使用CORS标头将权限授予其他来源.
- Don't use multiple origins in the first place. Pick one of
example.comandwww.example.comto be canonical. Configure your HTTP server to issue 301 redirects from the non-canonical one to the canonical one. - Use relative URLs. Your absolute URL means that when you are on the wrong origin, it still tries to access the other one. Using a relative URL will keep the request going to the same origin as the page.
- Configure your server to grant permission to the other origin with CORS headers.
我建议选择其中的第一个.
I recommend the first of those options.
这篇关于仅当url带有www前缀时才会发生CORS错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
