产地HTTP：//本地主机：3000没有被允许访问控制 - 允许 - 原产地 [英] Origin http://localhost:3000 is not allowed by Access-Control-Allow-Origin

问题描述

XMLHttpRequest cannot load http://localhost:8080/api/test. Origin http://localhost:3000 is not allowed by Access-Control-Allow-Origin. 

我读到跨域Ajax请求，并了解潜在的安全问题。以我为例，2服务器在本地运行，并希望能够在测试过程中的跨域请求。

I read about cross domain ajax requests, and understand the underlying security issue. In my case, 2 servers are running locally, and like to enable cross domain requests during testing.

localhost:8080 - Google Appengine dev server
localhost:3000 - Node.js server

我发出一个Ajax请求本地主机：8080 - GAE服务器，而我的网页从节点服务器加载。什么是最简单，最安全的（不想要开始镶边禁用 - 网络安全选项）。如果我不得不改变内容类型，我应该做的节点服务器？怎么样？

I am issuing an ajax request to localhost:8080 - GAE server while my page is loaded from node server. What is the easiest, and safest ( Don't want to start chrome with disable-web-security option). If I have to change 'Content-Type', should I do it at node server? How?

推荐答案

由于他们在不同端口上运行，它们是不同的领域。没关系，他们是在同一台机器/主机名

Since they are running on different ports, they are different domains. It doesn't matter that they are on the same machine/hostname.

您需要在服务器上启用CORS（本地主机：8080）。看看这个网站： http://enable-cors.org/

You need to enable CORS on the server (localhost:8080). Check out this site: http://enable-cors.org/

所有你需要做的是一个HTTP头添加到服务器：

All you need to do is add an HTTP header to the server:

Access-Control-Allow-Origin: http://localhost:3000

或者，为简单起见：

Or, for simplicity:

Access-Control-Allow-Origin: *

这篇关于产地HTTP：//本地主机：3000没有被允许访问控制 - 允许 - 原产地的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！