缺少 CORS 标头“Access-Control-Allow-Origin" [英] CORS header 'Access-Control-Allow-Origin' missing

查看:194
本文介绍了缺少 CORS 标头“Access-Control-Allow-Origin"的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正在从我的 asp.net 表单调用此函数,并在调用 ajax 时在 firebug 控制台上出现以下错误.

I'm calling this function from my asp.net form and getting following error on firebug console while calling ajax.

跨域请求被阻止:同源策略不允许读取位于 http://anotherdomain/test.json 的远程资源.(原因:缺少 CORS 标头Access-Control-Allow-Origin").

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://anotherdomain/test.json. (Reason: CORS header 'Access-Control-Allow-Origin' missing).

var url= 'http://anotherdomain/test.json';
        $.ajax({
            url: url,
            crossOrigin: true,
            type: 'GET',
            xhrFields: { withCredentials: true },
            accept: 'application/json'
        }).done(function (data) {
            alert(data);                
        }).fail(function (xhr, textStatus, error) {
            var title, message;
            switch (xhr.status) {
                case 403:
                    title = xhr.responseJSON.errorSummary;
                    message = 'Please login to your server before running the test.';
                    break;
                default:
                    title = 'Invalid URL or Cross-Origin Request Blocked';
                    message = 'You must explictly add this site (' + window.location.origin + ') to the list of allowed websites in your server.';
                    break;
            }
        });

我已经做了替代方法,但仍然无法找到解决方案.

I've done alternate way but still unable to find the solution.

注意:我没有进行服务器端(API/URL)更改的服务器权限.

Note: I've no server rights to make server side(API/URL) changes.

推荐答案

当您尝试访问另一个域的资源时,通常会发生这种情况.

This happens generally when you try access another domain's resources.

这是一项安全功能,可避免每个人自由访问该域的任何资源(例如,可以访问该域的任何资源以在盗版域上拥有完全相同的网站副本).

This is a security feature for avoiding everyone freely accessing any resources of that domain (which can be accessed for example to have an exact same copy of your website on a pirate domain).

响应的标头,即使是 200OK 也不允许其他来源(域、端口)访问资源.

The header of the response, even if it's 200OK do not allow other origins (domains, port) to access the ressources.

如果您是两个域的所有者,则可以解决此问题:

You can fix this problem if you are the owner of both domains:

要更改它,您可以在请求的域文件的 .htaccess 中写入:

To change that, you can write this in the .htaccess of the requested domain file:

    <IfModule mod_headers.c>
    Header set Access-Control-Allow-Origin "*"
    </IfModule>

如果您只想授予对一个域的访问权限,.htaccess 应如下所示:

If you only want to give access to one domain, the .htaccess should look like this:

    <IfModule mod_headers.c>
    Header set Access-Control-Allow-Origin 'https://my-domain.tdl'
    </IfModule>

解决方案 2:以正确的方式设置标题

如果你把它设置到请求文件的响应头中,你将允许每个人访问资源:

Solution 2: set headers the correct way

If you set this into the response header of the requested file, you will allow everyone to access the ressources:

Access-Control-Allow-Origin : *

Access-Control-Allow-Origin : http://www.my-domain.com

和平与代码;)

这篇关于缺少 CORS 标头“Access-Control-Allow-Origin"的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆