访问控制 - 允许 - 产地错误 [英] Access-Control-Allow-Origin error
问题描述
我用下面的脚本 -
I'm using the following script -
<!DOCTYPE html>
<html>
<head>
<script src="jquery-1.9.1.min.js"></script>
<script>
function postForm() {
$.ajax({
type: 'POST',
url: 'http://10.0.0.8:9000/demo',
data: {"name" : "test"},
contentType: "application/json; charset=utf-8",
dataType: 'json',
})
}
</script>
</head>
<body>
<form id="ajaxForm" onsubmit="postForm(); return false; " method="post">
<input id="test" type="text" name="name" value="Hello JSON" />
<input type="submit" value="Submit JSON" />
</form>
</body>
</html>
我试图访问该计算机正在运行的游戏框架。我收到以下错误:
The computer i'm trying to access is running the play framework. I am receiving the following error:
选项 http://10.0.0.8:9000/demo
404(未找到)的jQuery 1.9.1.min.js:5
XMLHtt prequest无法加载 http://10.0.0.8:9000/demo
。原产地的http://本地主机:8080
不受访问控制 - 允许 - 原产地允许的。
OPTIONS http://10.0.0.8:9000/demo
404 (Not Found) jquery-1.9.1.min.js:5
XMLHttpRequest cannot load http://10.0.0.8:9000/demo
. Origin http://localhost:8080
is not allowed by Access-Control-Allow-Origin.
我已经现在难倒了两天,谁能帮助我?
I've been stumped now for two days, can anyone help me out?
由于提前
推荐答案
现在的问题是,你试图使一个跨域调用(从的http://本地主机:8080
到的http://本地主机:9000
)。这不是由同源策略允许的,所以浏览器正试图使用的跨域资源共享来询问服务器是否也没关系,让跨域调用。 (这就是选项
的HTTP请求,你所看到的)。由于服务器没有回复选项与
请求标题允许呼叫,它是由浏览器出于安全原因拒绝。
The problem is that you're trying to make a cross-origin call (from http://localhost:8080
to http://localhost:9000
). That's not allowed by the Same Origin Policy, so the browser is trying to use Cross-Origin Resource Sharing to ask the server if it's okay to allow the cross-origin call. (That's the OPTIONS
HTTP request you're seeing.) Since the server doesn't reply to the OPTIONS
request with headers allowing the call, it's denied by the browser for security reasons.
本SOP适用于所有真正的Ajax的要求(例如,通过 XMLHtt prequest
的)。您可以:
The SOP applies to all true "ajax" calls (e.g., ones via XMLHttpRequest
). You can either:
-
更新服务器来实现应对
选项
要求传回的头,让调用(这会使它的most现代浏览器的),或
Update the server to implement the response to the
OPTIONS
request passing back the headers to allow the call (which will make it work on most modern browsers), or
请请求到同一个端口(我猜有你不这样做,一个原因),所以要求是相同的起源和SOP不适,或
Make the request to the same port (I'm guessing there's a reason you're not doing that), so the request is to the same origin and the SOP doesn't apply, or
切换到使用 JSON-P
。但 JSON-P
是不恰当的表单提交,因为它是一个 GET
和 GET
的操作,目的是要幂等,其中大多数表单提交AREN'吨。所以,除非这恰好是一个幂等形式提交(例如,搜索),使用JSON-P充其量是一个黑客。
Switch over to using JSON-P
. But JSON-P
is inappropriate for form submissions because it's a GET
, and GET
operations are meant to be idempotent, which most form submissions aren't. So unless this happens to be an idempotent form submission (for instance, a search), using JSON-P would be a hack at best.
这篇关于访问控制 - 允许 - 产地错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!