jQuery Ajax - POST从Localhost生成没有“Access-Control-Allow-Origin”头 [英] jQuery Ajax - POST from Localhost Generates No 'Access-Control-Allow-Origin' header

查看:896
本文介绍了jQuery Ajax - POST从Localhost生成没有“Access-Control-Allow-Origin”头的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我以为我明白了CORS,但有些东西我不明白。我有一个应用程序,我试图从localhost运行。此应用程序需要POST请求到Azure搜索。我正在尝试上传搜索文档。在尝试这样做,我有以下:

  var url ='https://my-app.search。 windows.net/indexes/test/docs/index?api-version=2015-02-28'; 
$ .ajax({
url:url,
type:'POST',
contentType:'application / json',
headers:{
'api-key':'XXXXXX',
'Content-Type':'application / json'
},
beforeSend:function(req){
req.setRequestHeader 'access-Control-Allow-Origin','*');
},
data:JSON.stringify({
'@ search.action':'upload',
'id':'1',
'name':'some name'
}),
success:function(){alert('success');},
error:function(){alert('check the console window。');}
});

授予 url api-key 不是真正的。仍然,如果我使用POSTman,我可以成功地POST这个数据。但是,当我尝试通过jQuery从我的应用程序POST时,我在控制台窗口中得到一个错误:

 失败加载资源:服务器响应状态为403(禁止)

对预检请求的响应不通过访问控制检查:没有访问控制允许原因报头存在于请求资源。因此,不允许原始'http:// localhost:72'访问。响应有HTTP状态代码403.



我有Azure的允许的源类型CORS选项搜索服务设置为全部。所以基本上,它的开放。



如何从localhost上的jQuery向这个服务发送数据? h2_lin>解决方案

Azure搜索只允许通过CORS执行查询操作,而不是管理或索引操作(请参阅 MSDN 了解有关CORS的Azure搜索支持的详细信息。



这样做的原因是基于浏览器的客户端需要访问api密钥,并且共享管理密钥(对于索引写操作来说是必需的)本质上是不安全的。对于索引中的数据应该公开可用的情况,公开披露查询键是确定的,但是不要将管理员API密钥交给基于浏览器的客户端。


I thought I understood CORS, but there is something I do not understand apparently. I have an app that I am trying to run from localhost. This app needs to POST a request to Azure Search. I am trying to upload a search document. In an attempt to do this, I have the following:

var url = 'https://my-app.search.windows.net/indexes/test/docs/index?api-version=2015-02-28';
$.ajax({ 
  url: url,
  type: 'POST',
  contentType:'application/json',
  headers: {
    'api-key':'XXXXXX',
    'Content-Type':'application/json'
  },
  beforeSend: function (req) {
    req.setRequestHeader('Access-Control-Allow-Origin', '*');
  },                    
  data: JSON.stringify({
    '@search.action':'upload',
    'id': '1',
    'name': 'some name'
  }),
  success: function() { alert('success'); },
  error: function() { alert('check the console window.'); }
});                   

Granted, the url and api-key are not the real ones. Still, I can successfully POST this data if I'm using POSTman. Yet, when I try to POST it from my app via jQuery, I get an error in the console window that says:

Failed to load resource: the server responded with a status of 403 (Forbidden)

Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:72' is therefore not allowed access. The response had HTTP status code 403.

I have the "Allowed origin type" CORS options for my Azure Search service set to "All". So basically, its wide open. Yet, I still get this CORS error.

How do I POST data to this service from jQuery on localhost?

解决方案

Azure Search only allows query operations to be performed via CORS, not management or indexing operations (see MSDN for details on Azure Search support for CORS).

The reason for this is that browser-based clients need access to the api-key, and sharing an admin key (which is necessary for index write operations) is inherently insecure. For scenarios where the data in an index is supposed to be publicly available, publicly disclosing a query key is ok, but you should never hand an admin API key to a browser-based client.

这篇关于jQuery Ajax - POST从Localhost生成没有“Access-Control-Allow-Origin”头的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆