CORS不再运作 [英] CORS not working anymore

问题描述

我遇到了一个奇怪的问题，从一天到另一天，我的AJAX请求网站不再运行.

I'm having a strange problem that from one day to another my AJAX requests for a website not working anymore.

我现在正在努力使其正常工作，但找不到问题.

I'm now struggling to get it working and can't find the problem.

这是我的JavaScript:基本上，这非常简单，它会检索ip adres，然后将其发送(POST)到存储它的站点.

this is my javascript: basically it's realy simple, it retrieves the ip adres and then sends it (POST) to a site which stores it.

    var xhr = new XMLHttpRequest();
    xhr.open('GET', 'https://dashboard.inofec.nl/ip', true);

    // If specified, responseType must be empty string or "text"
    xhr.responseType = 'text';

        xhr.onload = function () {
            if (xhr.readyState === xhr.DONE) {
                if (xhr.status === 200) {
                    // console.log('R = ' + xhr.response);
                    // console.log('RT= ' + xhr.responseText);
                    tip = xhr.responseText;

                    var formData = new FormData();
                    formData.append('ip', tip);
                    formData.append('uri', turl);
                    formData.append('id', dataId);

                    var request = new XMLHttpRequest();
                    request.open("POST", "https://dashboard.inofec.nl/visits");
                    request.send(formData);

                    // console.log('IP  = ' + tip);
                    // console.log('URL = ' + turl);
                    console.log('ID  = ' + dataId);
                }
                else {
                    console.log('ERROR !');
                }
            }
        }
    xhr.send(null);

在服务器上，我现在添加了此功能以避免使用通配符

on the server I have now added this to avoid using a wildcard

    if (isset($_SERVER['HTTP_ORIGIN']) && $_SERVER['HTTP_ORIGIN'] != '') {
        header('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']);
        header('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
        header('Access-Control-Max-Age: 1000');
        header('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With');
    }

仅使用

header('Access-Control-Allow-Origin:');我得到了错误:跨域请求被阻止:CORS标头"Access-Control-Allow-Origin"与"，*"不匹配.

有了新的标题，我就得到了

And with the new headers i get

CORS标头"Access-Control-Allow-Origin"与" http://www.inofec.nl不匹配，*').

但是当我检查标题时，我看到它以正确的标题响应.

But when I check the headers I see that it responds with the correct header.

访问控制允许标题
内容类型，授权，X请求的访问控制允许方法
GET，PUT，POST，DELETE，选项access-control-allow-origin http://www.inofec.nl ，*

推荐答案

Yvo Cilon让我考虑了多个值.并指出正确的方向.

Yvo Cilon made me think about the multiple values. And pointed me in the right direction.

我搜索了标头，发现在网络服务器上已经设置了标头，并将其添加到我的代码中.

I searched for headers and noticed that on the webserver there was a header already set and I added it in my code.

我删除了网络服务器中设置的标头，以控制其使用方式和使用时间.

I removed the header set in the webserver to have control on how and when it is used.

感谢您分享您的想法.

这篇关于CORS不再运作的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！