跨域请求被阻止 [英] Cross-Origin Request Blocked

问题描述

所以，我有了这个围棋HTTP处理程序，存储了一些帖子内容进入数据存储和检索响应其他一些信息。在后端我使用的：

So I've got this Go http handler that stores some POST content into the datastore and retrieves some other info in response. On the back-end I use:

func handleMessageQueue(w http.ResponseWriter, r *http.Request) {
    w.Header().Set("Access-Control-Allow-Origin", "*")
    if r.Method == "POST" {

        c := appengine.NewContext(r)

        body, _ := ioutil.ReadAll(r.Body)

        auth := string(body[:])
        r.Body.Close()
        q := datastore.NewQuery("Message").Order("-Date")

        var msg []Message
        key, err := q.GetAll(c, &msg)

        if err != nil {
            c.Errorf("fetching msg: %v", err)
            return
        }

        w.Header().Set("Content-Type", "application/json")
        jsonMsg, err := json.Marshal(msg)
        msgstr := string(jsonMsg)
        fmt.Fprint(w, msgstr)
        return
    }
}

在我的Firefox OS的应用程序使用：

In my firefox OS app I use:

var message = "content";

request = new XMLHttpRequest();
request.open('POST', 'http://localhost:8080/msgs', true);

request.onload = function () {
    if (request.status >= 200 && request.status < 400) {
        // Success!
        data = JSON.parse(request.responseText);
        console.log(data);
    } else {
        // We reached our target server, but it returned an error
        console.log("server error");
    }
};

request.onerror = function () {
    // There was a connection error of some sort
    console.log("connection error");
};

request.send(message);

进入的部分沿线和这样的工作的。然而，我的回答是被阻塞。让我有以下消息：

The incoming part all works along and such. However, my response is getting blocked. Giving me the following message:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:8080/msgs. This can be fixed by moving the resource to the same domain or enabling CORS.

我尝试了很多其他的东西，但也没办法我只能从服务器获得响应。然而，当我改变我的围棋POST方法为GET，并通过浏览器访问网页，我得到了我想要如此糟糕的数据。我真的不能决定哪一方出了问题，为什么：它可能是围棋不应该阻止这些类型的请求，但它也可能是我的JavaScript是非法的。

I tried a lot of other things but there is no way I can just get a response from the server. However when I change my Go POST method into GET and access the page through the browser I get the data that I want so bad. I can't really decide which side goes wrong and why: it might be that Go shouldn't block these kinds of requests, but it also might be that my javascript is illegal.

推荐答案

@Egidius，创造一个XM​​LHtt prequest的时候，你应该使用

@Egidius, when creating an XMLHttpRequest, you should use

var xhr = new XMLHttpRequest({mozSystem: true});

什么是mozSystem？

mozSystem布尔：这个标志设置为true，使得跨站点连接，无需服务器选择在使用CORS。需要设置mozAnon：真，也就是这个不能与发送的cookie或其他用户凭据相结合。这只能在特权（审查）的应用程序;它不会在Firefox中加载任意网页的工作。

mozSystem Boolean: Setting this flag to true allows making cross-site connections without requiring the server to opt-in using CORS. Requires setting mozAnon: true, i.e. this can't be combined with sending cookies or other user credentials. This only works in privileged (reviewed) apps; it does not work on arbitrary webpages loaded in Firefox.

更改您的清单

在你的清单，不要忘了包括此行您的权限：

On your manifest, do not forget to include this line on your permissions:

"permissions": {
       "systemXHR" : {},
}

这篇关于跨域请求被阻止的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！