为什么在从本地主机向本地主机发出请求时启动同源策略? [英] Why is same origin policy kicking in when making request from localhost to localhost?

问题描述

我将后端 API 作为独立于使用它的前端 HTML5 应用程序的项目.我正在使用 Yeoman 进行前端开发.Yeoman 在 localhost:3501 上运行，后端在 localhost:3000 上运行.当我从浏览器发出 API 请求时(使用 AngularJS 的 $http)，我遇到了同源策略:

I'm keeping the backend API as a separate project from the frontend HTML5 app consuming it. I'm using Yeoman for the frontend development. Yeoman runs on localhost:3501 and the backend on localhost:3000. When I make the API request from the browser (using AngularJS's $http), I hit the same origin policy:

XMLHttpRequest cannot load http://localhost:3000/venues. Origin http://localhost:3501 is not allowed by Access-Control-Allow-Origin.

AFAIK，只有在跨不同域发出请求时才应启动同源策略.当我们从 localhost 向 localhost(尽管是不同的端口)发出请求时，为什么它会发出呜呜声?

AFAIK, same origin policy should kick in only when making request across different domains. Why is it whining when we do a request from localhost to localhost (albeit to different port)?

我怎样才能完成这项工作，这是否会导致生产出现问题?

How can I make this work and will this cause problems in production?

推荐答案

端口也计入跨域请求，因此 http://localhost:3000 和 http://localhost:3501 是 2 个不同的域(从浏览器的角度来看).

The ports also count for cross domain requests, therefore http://localhost:3000 and http://localhost:3501 are 2 different domains (from browser's point of view).

如果您需要两个应用程序(客户端和后端)在不同的端口上运行，请考虑使用 http://enable-cors.org/一个>

If you need both applications (client and backend) to run on different ports, consider using http://enable-cors.org/

这篇关于为什么在从本地主机向本地主机发出请求时启动同源策略?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！