Access-Control-Allow-Origin 不允许 Origin [英] Origin is not allowed by Access-Control-Allow-Origin
问题描述
我正在中向远程PHP服务器发出Ajax.request
Sencha Touch 2 应用程序(包含在 PhoneGap 中).
I'm making an Ajax.request
to a remote PHP server in a Sencha Touch 2 application (wrapped in PhoneGap).
来自服务器的响应如下:
The response from the server is the following:
XMLHttpRequest 无法加载 http://nqatalog.negroesquisso.pt/login.php.Access-Control-Allow-Origin 不允许 Origin http://localhost:8888
.
XMLHttpRequest cannot load http://nqatalog.negroesquisso.pt/login.php. Origin
http://localhost:8888
is not allowed by Access-Control-Allow-Origin.
我该如何解决这个问题?
How can I fix this problem?
推荐答案
我不久前写了一篇关于这个问题的文章,跨域 AJAX.
I wrote an article on this issue a while back, Cross Domain AJAX.
如果您可以控制响应服务器,最简单的处理方法是为以下内容添加响应标头:
The easiest way to handle this if you have control of the responding server is to add a response header for:
Access-Control-Allow-Origin: *
这将允许跨域 Ajax.在 PHP 中,您需要像这样修改响应:
This will allow cross-domain Ajax. In PHP, you'll want to modify the response like so:
<?php header('Access-Control-Allow-Origin: *'); ?>
您可以将 Header set Access-Control-Allow-Origin *
设置放在 Apache 配置或 htaccess 文件.
You can just put the Header set Access-Control-Allow-Origin *
setting in the Apache configuration or htaccess file.
应该注意,这有效地禁用了 CORS 保护,这很可能使您的用户受到攻击.如果您不知道您特别需要使用通配符,则不应使用它,而应将您的特定域列入白名单:
It should be noted that this effectively disables CORS protection, which very likely exposes your users to attack. If you don't know that you specifically need to use a wildcard, you should not use it, and instead you should whitelist your specific domain:
<?php header('Access-Control-Allow-Origin: http://example.com') ?>
这篇关于Access-Control-Allow-Origin 不允许 Origin的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!