CORS“No”Access-Control-Allow-Origin“header is present”但还有 [英] CORS "No 'Access-Control-Allow-Origin' header is present" yet there is

问题描述

这三个标头是使用PHP新增的

These three headers are added using PHP

    header('Content-Type: application/json; charset=UTF-8;');
    header('Access-Control-Allow-Methods: GET, POST');
    header('Access-Control-Allow-Origin: *');

发送的所有标题都是：

    HTTP/1.1 200 OK
    Date: Mon, 30 Jun 2014 06:39:29 GMT
    Server: Apache
    X-Powered-By: PHP/5.3.28
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Access-Control-Allow-Methods: GET, POST
    Access-Control-Allow-Origin: *
    Vary: Accept-Encoding,User-Agent
    Content-Encoding: gzip
    Cache-Control: max-age=1, private, must-revalidate
    Content-Length: 20
    Keep-Alive: timeout=3, max=100
    Connection: Keep-Alive
    Content-Type: application/json; charset=UTF-8;

然而，当尝试使用$ .json或$ .post来定位此服务器时，在Chrome控制台中：

Yet when trying to use $.json or $.post to target this server, I get this error in the Chrome Console:

    XMLHttpRequest cannot load http://cms.webdevguru.co.uk/gurucms.php?mode=addto&apikey=606717496665bcba. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://remote.webdevguru.co.uk' is therefore not allowed access.

我知道这是一个可能的重复几个其他问题，但由于我经历了很多他们并尝试了一些东西，尝试和解决这个问题：我很感激一些具体的答复，以处理我手头的问题。

I know this is a possible duplicate of a few other questions, but since I have gone through many of them and tried a few things out of them to try and fix this: I would appreciate some specific replies to deal with my issue at hand.

正如Joachim Isaksson想出的，因为初始标头包含301重定向，在检查Access-Control-Allow-Origin标头之前，是否有任何方式强制请求遵循重定向？

As Joachim Isaksson figured out, its because the initial headers consist of a 301 Redirect, is there any way to force the request to follow the Redirect before checking for the Access-Control-Allow-Origin headers?

推荐答案

CORS不工作的原因是，你的链接提供了一个没有CORS标题的301 Moved Permanently，重定向到另一个链接。

The reason CORS isn't working is that your link gives a "301 Moved Permanently" without a CORS header, redirecting to another link.

它重定向的链接发送头，但是它似乎CORS已经放弃了第一个响应的预检。

The link it redirects to sends the header, however it seems CORS has already given up the preflight on the first response.

传递一个访问控制-Allow-Origin标题与301可以解决你的问题，这应该允许预检继续。

Passing back a "Access-Control-Allow-Origin" header with the 301 may solve your problem, that should allow the preflight to continue.

这篇关于CORS“No”Access-Control-Allow-Origin“header is present”但还有的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！