来源< origin>是Access-Control-Allow-Origin不允许的 [英] Origin <origin> is not allowed by Access-Control-Allow-Origin
问题描述
XMLHttpRequest cannot load http://localhost:8080/api/test. Origin http://localhost:3000 is not allowed by Access-Control-Allow-Origin.
我阅读了有关跨域Ajax请求的信息,并了解了潜在的安全性问题.就我而言,有2台服务器在本地运行,并且希望在测试期间启用跨域请求.
I read about cross domain ajax requests, and understand the underlying security issue. In my case, 2 servers are running locally, and like to enable cross domain requests during testing.
localhost:8080 - Google Appengine dev server
localhost:3000 - Node.js server
从节点服务器加载页面时,我正在向localhost:8080 - GAE server
发出ajax请求.最简单,最安全的方法是什么(不想使用disable-web-security
选项启动chrome).如果必须更改'Content-Type'
,是否应该在节点服务器上执行?怎么样?
I am issuing an ajax request to localhost:8080 - GAE server
while my page is loaded from node server. What is the easiest, and safest ( Don't want to start chrome with disable-web-security
option). If I have to change 'Content-Type'
, should I do it at node server? How?
推荐答案
由于它们运行在不同的端口上,因此它们是不同的JavaScript origin
.它们在同一台机器/主机名上没关系.
Since they are running on different ports, they are different JavaScript origin
. It doesn't matter that they are on the same machine/hostname.
您需要在服务器(localhost:8080)上启用CORS.查看此网站: http://enable-cors.org/
You need to enable CORS on the server (localhost:8080). Check out this site: http://enable-cors.org/
您需要做的就是向服务器添加一个HTTP标头:
All you need to do is add an HTTP header to the server:
Access-Control-Allow-Origin: http://localhost:3000
或者,为简单起见:
Access-Control-Allow-Origin: *
如果您的服务器尝试设置Cookie并且您使用withCredentials = true
Thought don't use "*" if your server is trying to set cookie and you use withCredentials = true
响应凭据请求时,服务器必须指定域,并且不能使用通配符.
when responding to a credentialed request, server must specify a domain, and cannot use wild carding.
您可以在此处了解有关withCredentials
的更多信息
You can read more about withCredentials
here
这篇关于来源< origin>是Access-Control-Allow-Origin不允许的的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!