Restangular跨域请求。我做错了什么？ [英] Restangular crossdomain request. What I do wrong?

问题描述

我有域 sub.example.com 配置有restangular：

I have domain sub.example.com with configured restangular:

RestangularProvider.setDefaultHeaders({
    'Content-Type': 'application/json',
    'X-Requested-With': 'XMLHttpRequest'
});
RestangularProvider.setDefaultHttpFields({
    'withCredentials': true
});

然后我通过构建其他工厂：

Then I'm building other factory via:

return Restangular.withConfig(function(RestangularProvider) {
    RestangularProvider.setBaseUrl('http://api.example.com');
});

和，很明显，得到错误的否访问控制允许来源标头的请求的资源present。因此出身 http://sub.example.com '是不允许访问。。我应该如何配置服务器/客户端得到工作跨域请求？

And, obviously, getting error No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://sub.example.com' is therefore not allowed access.. How should I configure server/client to get working crossdomain requests?

// UPD

我在后端使用Yii和发送下一个头结果
头（'访问控制允许来源：*'，真）;

I'm using Yii on backend and sending next header
header('Access-Control-Allow-Origin: *', true);

推荐答案

我已经找到解决方案。

首先，使用凭据时 - 我们不能使用*用于访问控制允许来源。
然后，XHR发送OPTIONS请求应当处理好和发送CORS标头。

At first, when using credentials - we can't use * for Access-Control-Allow-Origin. Then, XHR sends OPTIONS request that should be handled well and send CORS headers.

// scheme required, here can be multiple origins concatenated by space if using credentials
header('Access-Control-Allow-Origin: http://sub.example.com');
header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE');
header('Access-Control-Allow-Headers: Accept, X-Requested-With');
// without credentials we can use * for origin
header('Access-Control-Allow-Credentials: true');
header('HTTP/1.1 200 OK', true);

然后，我们可以简单地使用跨域Ajax请求。

Then we can simply use crossdomain ajax requests.

这篇关于Restangular跨域请求。我做错了什么？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！