产地HTTP://本地主机:3000没有被允许访问控制 - 允许 - 原产地 [英] Origin http://localhost:3000 is not allowed by Access-Control-Allow-Origin
问题描述
XMLHttpRequest cannot load http://localhost:8080/api/test. Origin http://localhost:3000 is not allowed by Access-Control-Allow-Origin.
我读到跨域Ajax请求,并了解潜在的安全问题。以我为例,2服务器在本地运行,并希望能够在测试过程中的跨域请求。
I read about cross domain ajax requests, and understand the underlying security issue. In my case, 2 servers are running locally, and like to enable cross domain requests during testing.
localhost:8080 - Google Appengine dev server
localhost:3000 - Node.js server
我发出一个Ajax请求本地主机:8080 - GAE服务器
,而我的网页从节点服务器加载。什么是最简单,最安全的(不想要开始镶边禁用 - 网络安全
选项)。如果我不得不改变内容类型
,我应该做的节点服务器?怎么样?
I am issuing an ajax request to localhost:8080 - GAE server
while my page is loaded from node server. What is the easiest, and safest ( Don't want to start chrome with disable-web-security
option). If I have to change 'Content-Type'
, should I do it at node server? How?
推荐答案
由于他们在不同端口上运行,它们是不同的领域。没关系,他们是在同一台机器/主机名
Since they are running on different ports, they are different domains. It doesn't matter that they are on the same machine/hostname.
您需要在服务器上启用CORS(本地主机:8080)。看看这个网站: http://enable-cors.org/
You need to enable CORS on the server (localhost:8080). Check out this site: http://enable-cors.org/
所有你需要做的是一个HTTP头添加到服务器:
All you need to do is add an HTTP header to the server:
Access-Control-Allow-Origin: http://localhost:3000
或者,为简单起见:
Or, for simplicity:
Access-Control-Allow-Origin: *
这篇关于产地HTTP://本地主机:3000没有被允许访问控制 - 允许 - 原产地的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!