跨域请求被阻止 [英] Cross-Origin Request Blocked
问题描述
所以,我有了这个围棋HTTP处理程序,存储了一些帖子内容进入数据存储和检索响应其他一些信息。在后端我使用的:
So I've got this Go http handler that stores some POST content into the datastore and retrieves some other info in response. On the back-end I use:
func handleMessageQueue(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Access-Control-Allow-Origin", "*")
if r.Method == "POST" {
c := appengine.NewContext(r)
body, _ := ioutil.ReadAll(r.Body)
auth := string(body[:])
r.Body.Close()
q := datastore.NewQuery("Message").Order("-Date")
var msg []Message
key, err := q.GetAll(c, &msg)
if err != nil {
c.Errorf("fetching msg: %v", err)
return
}
w.Header().Set("Content-Type", "application/json")
jsonMsg, err := json.Marshal(msg)
msgstr := string(jsonMsg)
fmt.Fprint(w, msgstr)
return
}
}
在我的Firefox OS的应用程序使用:
In my firefox OS app I use:
var message = "content";
request = new XMLHttpRequest();
request.open('POST', 'http://localhost:8080/msgs', true);
request.onload = function () {
if (request.status >= 200 && request.status < 400) {
// Success!
data = JSON.parse(request.responseText);
console.log(data);
} else {
// We reached our target server, but it returned an error
console.log("server error");
}
};
request.onerror = function () {
// There was a connection error of some sort
console.log("connection error");
};
request.send(message);
进入的部分沿线和这样的工作的。然而,我的回答是被阻塞。让我有以下消息:
The incoming part all works along and such. However, my response is getting blocked. Giving me the following message:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:8080/msgs. This can be fixed by moving the resource to the same domain or enabling CORS.
我尝试了很多其他的东西,但也没办法我只能从服务器获得响应。然而,当我改变我的围棋POST方法为GET,并通过浏览器访问网页,我得到了我想要如此糟糕的数据。我真的不能决定哪一方出了问题,为什么:它可能是围棋不应该阻止这些类型的请求,但它也可能是我的JavaScript是非法的。
I tried a lot of other things but there is no way I can just get a response from the server. However when I change my Go POST method into GET and access the page through the browser I get the data that I want so bad. I can't really decide which side goes wrong and why: it might be that Go shouldn't block these kinds of requests, but it also might be that my javascript is illegal.
推荐答案
@Egidius,创造一个XMLHtt prequest的时候,你应该使用
@Egidius, when creating an XMLHttpRequest, you should use
var xhr = new XMLHttpRequest({mozSystem: true});
什么是mozSystem?
mozSystem布尔:这个标志设置为true,使得跨站点连接,无需服务器选择在使用CORS。需要设置mozAnon:真,也就是这个不能与发送的cookie或其他用户凭据相结合。这只能在特权(审查)的应用程序;它不会在Firefox中加载任意网页的工作。
mozSystem Boolean: Setting this flag to true allows making cross-site connections without requiring the server to opt-in using CORS. Requires setting mozAnon: true, i.e. this can't be combined with sending cookies or other user credentials. This only works in privileged (reviewed) apps; it does not work on arbitrary webpages loaded in Firefox.
更改您的清单
在你的清单,不要忘了包括此行您的权限:
On your manifest, do not forget to include this line on your permissions:
"permissions": {
"systemXHR" : {},
}
这篇关于跨域请求被阻止的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!