为跨网域配置google app引擎应用 [英] Configure google app engine application for cross-domain

问题描述

您可以告诉我们，如何配置我们在Google App Engine上托管的Python应用程序，从浏览器接受来自AJAX的OPTIONS，GET，POST，PUT和DELETE？

这种调用的细节是XmlHTTPRequest首先向服务器发出请求，以查看允许跨域动词，如果需要，则在列表中 - 浏览器随后执行此请求。

现在我们只是得到一个405方法不允许，试图让浏览器做OPTIONS请求。

AJAX调用正在从另一个网站/

谢谢您，

罗马。

解决方案

一种绕过同源策略的方法，允许浏览器跨域请求采用 JSONP 但AFAIK，它只支持 GET 动词;事实上，它是一个GET请求来检索在DOM文档中注入的< script> 标记的 src / p>

如果不能使用JSONP，更现代的方法是使用 CORS ，将 Access-Control-Allow-Origin Http标头添加到响应 ^* ：

在 中：：

  self.response.headers ['Access-Control-Allow-Origin'] ='*'
  

在 Java ：

  resp.setHeader（Access-Control-Allow-Origin，*）; 
  

^{*检查浏览器兼容性这里}

Could you please advise, how we can configure our Python app hosted on Google App Engine to accept the OPTIONS, GET, POST, PUT and DELETE from AJAX being done from browser?

The specifics of such calls are XmlHTTPRequest first does OPTIONS request to the server to see what cross-domain verbs are allowed and if desired one is in the list - browser does this request afterwards.

Right now we just get a 405 Method Not Allowed in attempt of browser to do OPTIONS request.

AJAX calls are being done from another site/domain.

Thank you,

Roman.

解决方案

One way to bypass the same-origin policy allowing browsers cross-domain requests is adopting JSONP but AFAIK, it only supports the GET verb; In fact, it's a GET request to retrieve the src of a <script> tag injected in the DOM Document

If JSONP is not an option, a more modern way is by using CORS, adding the Access-Control-Allow-Origin Http header to the response ^*:

In Python:

self.response.headers['Access-Control-Allow-Origin'] = '*'

In Java:

resp.setHeader("Access-Control-Allow-Origin", "*");

^{* Check the browser compatibility here}

这篇关于为跨网域配置google app引擎应用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！