访问控制允许来源错误 [英] Access-Control-Allow-Origin error
问题描述
我正在使用以下脚本 -
I'm using the following script -
<!DOCTYPE html>
<html>
<head>
<script src="jquery-1.9.1.min.js"></script>
<script>
function postForm() {
$.ajax({
type: 'POST',
url: 'http://10.0.0.8:9000/demo',
data: {"name" : "test"},
contentType: "application/json; charset=utf-8",
dataType: 'json',
})
}
</script>
</head>
<body>
<form id="ajaxForm" onsubmit="postForm(); return false; " method="post">
<input id="test" type="text" name="name" value="Hello JSON" />
<input type="submit" value="Submit JSON" />
</form>
</body>
</html>
我尝试访问的计算机正在运行播放框架.我收到以下错误:
The computer i'm trying to access is running the play framework. I am receiving the following error:
OPTIONS http://10.0.0.8:9000/demo
404(未找到)jquery-1.9.1.min.js:5XMLHttpRequest 无法加载 http://10.0.0.8:9000/demo
.Access-Control-Allow-Origin 不允许 Origin http://localhost:8080
.
OPTIONS http://10.0.0.8:9000/demo
404 (Not Found) jquery-1.9.1.min.js:5
XMLHttpRequest cannot load http://10.0.0.8:9000/demo
. Origin http://localhost:8080
is not allowed by Access-Control-Allow-Origin.
我已经被难住了两天了,有人能帮帮我吗?
I've been stumped now for two days, can anyone help me out?
先谢谢了
推荐答案
问题是您正在尝试进行跨域调用(从 http://localhost:8080
到 <代码>http://localhost:9000).同源政策不允许这样做,因此浏览器试图使用跨域资源共享 询问服务器是否允许跨域调用.(这是您看到的 OPTIONS
HTTP 请求.)由于服务器不回复带有允许调用的标头的 OPTIONS
请求,因此浏览器出于安全原因拒绝了该请求原因.
The problem is that you're trying to make a cross-origin call (from http://localhost:8080
to http://localhost:9000
). That's not allowed by the Same Origin Policy, so the browser is trying to use Cross-Origin Resource Sharing to ask the server if it's okay to allow the cross-origin call. (That's the OPTIONS
HTTP request you're seeing.) Since the server doesn't reply to the OPTIONS
request with headers allowing the call, it's denied by the browser for security reasons.
SOP 适用于所有真正的ajax"调用(例如,通过 XMLHttpRequest
调用的调用).您可以:
The SOP applies to all true "ajax" calls (e.g., ones via XMLHttpRequest
). You can either:
更新服务器以实现对
OPTIONS
请求的响应,返回标头以允许调用(这将使其在 大多数现代浏览器),或
Update the server to implement the response to the
OPTIONS
request passing back the headers to allow the call (which will make it work on most modern browsers), or
向同一个端口发出请求(我猜你不这样做是有原因的),所以请求来自同一个源并且 SOP 不适用,或者
Make the request to the same port (I'm guessing there's a reason you're not doing that), so the request is to the same origin and the SOP doesn't apply, or
切换到使用 JSON-P
.但是 JSON-P
不适合表单提交,因为它是一个 GET
,而 GET
操作意味着 幂等,大多数表单提交都不是.因此,除非这恰好是幂等表单提交(例如,搜索),否则使用 JSON-P 充其量只是一种技巧.
Switch over to using JSON-P
. But JSON-P
is inappropriate for form submissions because it's a GET
, and GET
operations are meant to be idempotent, which most form submissions aren't. So unless this happens to be an idempotent form submission (for instance, a search), using JSON-P would be a hack at best.
这篇关于访问控制允许来源错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!