请求头字段Access-Control-Allow-Headers在预检响应中不允许Access-Control-Allow-Headers [英] Request header field Access-Control-Allow-Headers is not allowed by Access-Control-Allow-Headers in preflight response

问题描述

我尝试从跨域创建登录页面，但我无法解决问题，错误是：

XMLHttpRequest无法加载 http：//localhost/testing/resp.php 。请求标头字段Access-Control-Allow-Headers不允许在预检回应中的Access-Control-Allow-Headers。

代码是：

  $（'＃login'）。click（function（）{var username = $（'＃uname'）。val （）; var password = $（'＃pass'）。val（）; var result = $（'。result'）; result.text（'loading ....'）; if（username！=''& ;& password！=''）{var urltopass ='action = login& username ='+ username +'& password ='+ password; $ .ajax（{type：'POST'，data：urltopass，headers： Access-Control-Allow-Headers：Content-Type}，url：'http：//localhost/testing/resp.php'，crossDomain：true，cache：false，success：function（responseText）{console。 log（responseText）; if（responseText ==0）{result.text（'incorrect login information'）;} else if（responseText ==1）{window.location =http：// localhost / testing /home.php; } else {alert（'sql query \\\
'+ responseText中的错误）; }}}）; } else return false;        ：//localhost/testing/resp.phprel =nofollow> http：//localhost/testing/resp.php ：
 
 
 
 
 
 
 <？php includedb.php; //连接数据库if（！isset（$ _ SERVER ['HTTP_ORIGIN']））{echo这不是跨域请求; exit;} header（Access-Control-Allow-Origin：*）;头（Access-Control-Allow-Credentials：true）; header（Access-Control-Allow-Methods：POST，GET，OPTIONS）; （Access-Control-Allow-Headers：Content-Type，Authorization，X-Requested-With）;标题（'P3P：CP =CAO PSA OUR'）; //使得IE支持cookie头（Content-Type：application / json; charset = utf-8）; if（isset（$ _ POST ['action']）&& $ _POST ['action'] =='login'）{$ uname = $ _POST ['username']; $ pass = $ _POST ['password']; $ sql =SELECT * FROM loginajax WHERE username ='$ uname'AND password ='$ pass'; $ rs = $ conn-> query（$ sql）; if（mysqli_num_rows（$ rs）<= 0）{echo0; } else {echo1; }} else echothis is not Login;？>  
 
 
 
解决方案
删除此：
  ：Content-Type}，
  
 
 
 
 
服务器使用 Access-Control-Allow-Headers 标头进行响应，客户端不会将其发送服务器。 
 
 
 
客户端发送一个 Access-Control-Request-Headers 请求允许某些标题，服务器用 Access-Control-Allow-Headers 来列出它允许的实际头。客户端不会要求允许哪些标头。
 
I am trying to make a login page from cross domain but I couldn't solve the problem, the error is:

  
XMLHttpRequest cannot load http://localhost/testing/resp.php. Request header field Access-Control-Allow-Headers is not allowed by Access-Control-Allow-Headers in preflight response.
My Javascript code is:



$('#login').click(function(){
		var username = $('#uname').val();
		var password = $('#pass').val();
		var result = $('.result');
		result.text('loading....');

		if (username != '' && password !=''){
			var urltopass = 'action=login&username='+username+'&password='+password;
			$.ajax({
				type: 'POST',
				data: urltopass,
				headers: {"Access-Control-Allow-Headers": "Content-Type"},
				url: 'http://localhost/testing/resp.php',
				crossDomain: true,
				cache: false,
				success: function(responseText){
					console.log(responseText);
					if(responseText== "0"){
						result.text('incorrect login information');
					} else if (responseText == "1"){
						window.location="http://localhost/testing/home.php";
					} else{
						alert('error in sql query \n' + responseText);
					}
				}
			});
		} else return false;
	});





The PHP code for http://localhost/testing/resp.php :



<?php
	include "db.php"; //Connecting to database

	if (!isset($_SERVER['HTTP_ORIGIN'])) {
		echo "This is not cross-domain request";
    exit;
}
	header("Access-Control-Allow-Origin: *");
	header("Access-Control-Allow-Credentials: true");
	header("Access-Control-Allow-Methods: POST, GET, OPTIONS");
	header("Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With");
	header('P3P: CP="CAO PSA OUR"'); // Makes IE to support cookies
	header("Content-Type: application/json; charset=utf-8");

	if (isset($_POST['action']) && $_POST['action'] == 'login'){
		$uname = $_POST['username'];
		$pass = $_POST['password'];

		$sql = "SELECT * FROM loginajax WHERE username='$uname' AND password='$pass'";
	
		$rs=$conn->query($sql);

		if (mysqli_num_rows($rs) <= 0){
			echo "0";
		} else {
			echo "1";
		}
		
	} else echo "this is not Login";

?>



解决方案
remove this:
headers: {"Access-Control-Allow-Headers": "Content-Type"},
from your jQuery.ajax call. 

The server responds with a Access-Control-Allow-Headers header, the client doesn't send it to the server. 

The client sends a Access-Control-Request-Headers to request allowing certain headers, the server responds back with with a Access-Control-Allow-Headers that lists the actual headers its going to allow. The client does not get to demand what headers are allowed.

                        
这篇关于请求头字段Access-Control-Allow-Headers在预检响应中不允许Access-Control-Allow-Headers的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！