如何/在何处启用CORS(跨源资源共享)? [英] How/where to enable CORS(cross origin resource sharing)?
问题描述
我无法使用 XMLHttpRequest()从我的 javascript 文件访问跨域资源。
我知道也有一些类似的问题,我经历了其中的一些问题,但是对于某些细节我有些困惑。
我将提及我的确切设置和我的特定疑问。
I am not able to access cross domain resources from my javascript file using XMLHttpRequest(). I understand that there are a few similar questions, I went through some of them but I have a bit of confusion regarding some of the details. I will mention my exact Setup and my specific doubts.
设置:
我将HTML和JS文件放在ubuntu计算机上运行的apache服务器上我的本地LAN网络。该应用程序基本上是video.js的hls插件。
从同一局域网中的Windows PC,打开hls播放器的index.html文件。只要我选择linux机器上存在的视频内容,它就可以按预期工作,但是可以为它提供外部内容(例如 http://devimages.apple.com/iphone/samples/bipbop/bipbopall.m3u8 ),它将失败并显示错误:
I have my HTML and JS files on an apache server running on a ubuntu machine present in my local LAN network . The application is bascially hls plugin for video.js. From my windows PC in the same local LAN, I open the index.html file for the hls player. As long as I select video content which is present on the linux machine, it works fine as expected, but on giving it an external content( E.g. http://devimages.apple.com/iphone/samples/bipbop/bipbopall.m3u8), it fails and gives the error:
XMLHttpRequest无法加载 http:// devimages .apple.com / iphone / samples / bipbop / bipbopall.m3u8 。所请求的资源上没有 Access-Control-Allow-Origin标头。因此,不允许访问来源 http://172.20.33.49 。
XMLHttpRequest cannot load http://devimages.apple.com/iphone/samples/bipbop/bipbopall.m3u8. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://172.20.33.49' is therefore not allowed access.
(此处172.20.33.49是Linux计算机的IP)
(Here 172.20.33.49 is the IP of the linux machine)
所以我的查询是:
-
Access-Control-Allow-Origin 标头应在哪个服务器上设置为适当的值(为简单起见,请说 *)为使其工作:在我的本地linux服务器上或在托管外部内容的服务器上,还是在这两者上?
On which server should the Access-Control-Allow-Origin header be set to appropriate value(lets say '*' for simplicity) for this to work: on my local linux server or the server hosting the external content or both?
我是否需要任何设置/配置/代码更改?可以在我的浏览器/ JavaScript或HTML代码中执行此操作?
Is there any setting/configuration/code change which I need to do in my browser/javascript or HTML code for this to work?
推荐答案
应该在哪台服务器上设置Access-Control-Allow-Origin标头
On which server should the Access-Control-Allow-Origin header be set
托管所需内容的服务器用XHR阅读。错误消息确实说明了这一点,它告诉您所请求资源的URL,然后说该资源上不存在标题。
The server hosting the content you want to read with XHR. The error message does spell this out, it tells you the URL to a resource that you are requesting and then says that the header is not present on that resource.
我是否需要在浏览器/ javascript或HTML代码中进行任何设置/配置/代码更改才能使其正常工作?
Is there any setting/configuration/code change which I need to do in my browser/javascript or HTML code for this to work?
否。浏览器透明地处理CORS。
No. The browser handles CORS transparently.
作为一般查询,客户端可以/应该做些什么使CORS正常工作?服务器要求/配置?
As a general query, is there anything the client can/should do for CORS to work or is it purely a server requirement/configuration?
客户端必须支持CORS。所有现代的浏览器都可以。
The client has to support CORS. All modern browsers do.
HTTP响应中是否强制使用 Access-Control-Allow-Origin?
Is the 'Access-Control-Allow-Origin' mandatory in HTTP responses?
否
如果不是,那么缺少它是什么意思-是吗意味着只能访问同一域中的资源,还是意味着所有域都可以访问(相当于*)?
If not then what does its absence mean - Does it mean only resources from same domain can be accessed or does it mean all domains are accessible(equivalent to *) ?
如果服务器没有't指定Access-Control-Allow-Origin,则它不授予其他任何来源读取其数据的权限。
If a server doesn't specify Access-Control-Allow-Origin then it doesn't grant permission to any other origin to read its data.
客户端可以强制服务器添加此标头的任何方式吗?
Is there any way a client can force a server to add this header?
否(尽管浏览器扩展可以拦截响应并添加标头) ,这对测试很有用)。
No (although a browser extension can intercept the response and add the header, this can be useful for testing purposes).
这篇关于如何/在何处启用CORS(跨源资源共享)?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!