起源<起源>Access-Control-Allow-Origin 不允许 [英] Origin <origin> is not allowed by Access-Control-Allow-Origin
问题描述
XMLHttpRequest cannot load http://localhost:8080/api/test. Origin http://localhost:3000 is not allowed by Access-Control-Allow-Origin.
我阅读了有关跨域 ajax 请求的内容,并了解了潜在的安全问题.就我而言,有 2 台服务器在本地运行,并且希望在测试期间启用跨域请求.
I read about cross domain ajax requests, and understand the underlying security issue. In my case, 2 servers are running locally, and like to enable cross domain requests during testing.
localhost:8080 - Google Appengine dev server
localhost:3000 - Node.js server
当我的页面从节点服务器加载时,我正在向 localhost:8080 - GAE 服务器
发出 ajax 请求.什么是最简单、最安全的(不想用 disable-web-security
选项启动 chrome).如果我必须更改 'Content-Type'
,我应该在节点服务器上做吗?怎么样?
I am issuing an ajax request to localhost:8080 - GAE server
while my page is loaded from node server. What is the easiest, and safest ( Don't want to start chrome with disable-web-security
option). If I have to change 'Content-Type'
, should I do it at node server? How?
推荐答案
由于它们运行在不同的端口上,因此它们是不同的 JavaScript origin
.它们在同一台机器/主机名上并不重要.
Since they are running on different ports, they are different JavaScript origin
. It doesn't matter that they are on the same machine/hostname.
您需要在服务器 (localhost:8080) 上启用 CORS.查看此站点:http://enable-cors.org/
You need to enable CORS on the server (localhost:8080). Check out this site: http://enable-cors.org/
您需要做的就是向服务器添加一个 HTTP 标头:
All you need to do is add an HTTP header to the server:
Access-Control-Allow-Origin: http://localhost:3000
或者,为简单起见:
Access-Control-Allow-Origin: *
如果您的服务器尝试设置 cookie 并且您使用 withCredentials = true
Thought don't use "*" if your server is trying to set cookie and you use withCredentials = true
响应认证请求时,服务器必须指定域,不能使用通配符.
when responding to a credentialed request, server must specify a domain, and cannot use wild carding.
您可以在此处阅读有关 withCredentials
的更多信息
这篇关于起源<起源>Access-Control-Allow-Origin 不允许的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!