Access-Control-Allow-Origin 不允许 Origin [英] Origin is not allowed by Access-Control-Allow-Origin

本文介绍了Access-Control-Allow-Origin 不允许 Origin的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!


我正在中向远程PHP服务器发出Ajax.requestSencha Touch 2 应用程序(包含在 PhoneGap 中).

I'm making an Ajax.request to a remote PHP server in a Sencha Touch 2 application (wrapped in PhoneGap).


The response from the server is the following:

XMLHttpRequest 无法加载 不允许 Origin http://localhost:8888.

XMLHttpRequest cannot load Origin http://localhost:8888 is not allowed by Access-Control-Allow-Origin.


How can I fix this problem?


我不久前写了一篇关于这个问题的文章,跨域 AJAX.

I wrote an article on this issue a while back, Cross Domain AJAX.


The easiest way to handle this if you have control of the responding server is to add a response header for:

Access-Control-Allow-Origin: *

这将允许跨域 Ajax.在 PHP 中,您需要像这样修改响应:

This will allow cross-domain Ajax. In PHP, you'll want to modify the response like so:

<?php header('Access-Control-Allow-Origin: *'); ?>

您可以将 Header set Access-Control-Allow-Origin * 设置放在 Apache 配置或 htaccess 文件.

You can just put the Header set Access-Control-Allow-Origin * setting in the Apache configuration or htaccess file.

应该注意,这有效地禁用了 CORS 保护,这很可能使您的用户受到攻击.如果您不知道您特别需要使用通配符,则不应使用它,而应将您的特定域列入白名单:

It should be noted that this effectively disables CORS protection, which very likely exposes your users to attack. If you don't know that you specifically need to use a wildcard, you should not use it, and instead you should whitelist your specific domain:

<?php header('Access-Control-Allow-Origin:') ?>

这篇关于Access-Control-Allow-Origin 不允许 Origin的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

登录 关闭
发送“验证码”获取 | 15天全站免登陆