SSL CORS不工作与Zend的卫队 [英] SSL CORS not working with Zend Guard

问题描述

我添加了一切，我的Apache htaccess的：

I've added everything to my Apache htaccess:

Header set Access-Control-Allow-Headers: X-Requested-With
Header set Access-Control-Allow-Methods: OPTIONS
Header add Access-Control-Allow-Methods: GET
Header add Access-Control-Allow-Methods: POST
Header add Access-Control-Allow-Headers: Content-Type
Header add Access-Control-Allow-Headers: Depth
Header add Access-Control-Allow-Headers: User-Agent
Header add Access-Control-Allow-Headers: X-File-Size
Header add Access-Control-Allow-Headers: X-Requested-With
Header add Access-Control-Allow-Headers: If-Modified-Since
Header add Access-Control-Allow-Headers: X-File-Name
Header add Access-Control-Allow-Headers: Cache-Control
Header set Access-Control-Allow-Origin: http://mysite.com 
Header add Access-Control-Allow-Origin: https://mysite.com
Header set Access-Control-Allow-Credentials: true

我说这对我的jQuery $。阿贾克斯：

I added this to my jquery $.ajax:

xhrFields: {
    withCredentials: true
}

绝对没有任何工程。

Absolutely nothing works.

我做$就以

type: 'POST',
dataType: 'json'

我想通过将所有这些报头的上面，我可以做的JSON没有JSONP（请没有JSONP。任何东西，但JSONP。我不能得到成功火灾。please.god.no）

I thought by setting all of those headers above, I could do json not jsonp (please no jsonp. anything but jsonp. i can't get success to fire. please.god.no)

我在我的极限。我收到了良好的OLE

I'm at my limits. I'm getting the good ole

XMLHttpRequest cannot load https://mysite.com/aDirectory/aSecureFile.php. Origin http://mysite.com is not allowed by Access-Control-Allow-Origin.

请帮忙。我要死在这里。我保证我到处看，哦，有我看着无处不在。

Please help. I'm dying here. I promise I've looked everywhere, oh, have I looked everywhere.

提前感谢！

透明度

我的头都来了对面。我可以看到他们在我的响应头，但我仍然得到上述错误。在服务器阻塞？浏览器？是不是有什么特别的我必须做的做的https？有没有在Apache另一个设置我必须设置为允许CORS？是我的jQuery $就正确吗？除了数据和成功和错误（始终是网址HTTPS），这就是我做了jQuery $。阿贾克斯。

My headers are all coming across. I can see them in my response headers, but I'm still getting the above error. Is the server blocking? The browser? Is there something special I have to do to do https? Is there another setting on Apache I have to set to allow CORS? Is my jQuery $.ajax correct? Aside from data and success and error (and the URL always being https), that's all I'm doing to the jQuery $.ajax.

再次感谢！

新

<一个href="http://stackoverflow.com/questions/7423983/cross-domain-ajax-$p$pflighting-failing-origin-check?rq=1">Cross域名AJAX preflighting没有产地检查没有帮助（我不认为）。新增

Cross Domain AJAX preflighting failing Origin check didn't help (I don't think). Added

Header set Access-Control-Allow-Headers: ORIGINS

（调整套，并增加了）。所有的响应头灌进管道。

(adjusting for sets and adds). All response headers coming down the pipe.

新

添加了这些

Header add Access-Control-Allow-Headers: Origin
Header add Access-Control-Allow-Headers: Accept

仍然没有

请求头

做这些帮助

Accept:application/json, text/javascript, /; q=0.01
Content-Type:application/x-www-form-urlencoded; charset=UTF-8
Origin:http://mysite.com
Referer:http://mysite.com/
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11

PHP

header("Access-Control-Allow-Origin: http://mysite.com");
header("Access-Control-Allow-Origin: https://mysite.com");

响应头CLARITY

响应头对所有正常的请求来通过不跨域HTTPS AJAX。

The RESPONSE HEADERS are coming through on all normal requests not the cross domain https ajax.

服务器

的CentOS 5.8，Apache的2.2.2，PHP 5.3，的cPanel，南国

CentOS 5.8, Apache 2.2.2, PHP 5.3, cPanel, WHM

精细，如果PHP不执行

所以，在我匆忙，我复制slashingweapon的直接cors.php没有PHP的标签。我用上面的设置做了一个测试页面，$阿贾克斯。

So, in my haste, I copied slashingweapon's cors.php directly without php tags. I made a test page with $.ajax using the settings above.

它的工作（如在没有当AJAX发射错误）完整的响应头。当我添加了标签的PHP，错误发生。我检查，看它是否是一个目录的问题，把它的根和一个子目录，罚款，只要PHP没有执行。

It worked (as in there were no errors when the ajax fired) complete with response headers. As soon as I added the tags to the PHP, the error happened. I checked to see if it was a directory issue, putting it in both root and a subdirectory, fine as long as PHP is not executing.

这是否意味着什么人？

有一个需要翻转一个PHP设置？

Is there a PHP setting that needs to be flipped?

感谢所有为磨这一点跟我来！

Thanks to all for grinding this out with me!

我们有心跳

它看起来像在htacess多个参数掷骰子我的服务器了。我减少了上面这所有的选项（这是为我好，但是我可怜达傻瓜谁需要更多）：

It looks like multiple arguments in the htacess craps my server out. I reduced all those options above to this (which is fine for me, but I pity da fool who needs more):

＆LT; IfModule mod_headers.c＆GT;    ＆LT; FilesMatch\（PHP）$。＆GT;        标题设置访问控制 - 允许 - 产地：http://mysite.com        头添加访问控制 - 允许 - 方法：POST    ＆LT; / FilesMatch＆GT; ＆LT; / IfModule＆GT;

<IfModule mod_headers.c> <FilesMatch "\.(php)$"> Header set Access-Control-Allow-Origin: http://mysite.com Header add Access-Control-Allow-Methods: POST </FilesMatch> </IfModule>

我只把在PHP中

echo "this works at least":

和附带的响应。一旦我弄清楚是什么导致我的PHP失败，我会发布它。

And that came in the response. Once I figure out what's causing my PHP to fail, I'll post it.

再次感谢大家！

Zend的卫队的问题？

Sooooooooo，对不起你们。忘了补充一点，我的网站上运行Zend的卫队。有导致它的感觉。

Sooooooooo, sorry guys. Forgot to add that my site's running Zend Guard. Have a feeling that's causing it.

推荐答案

在客户端尝试做了CORS要求它先发送一个preflight的要求，以确保服务器支持CORS。如果preflight请求通过，那么真正的请求将被发送。

When the client tries to do a CORS request it first sends a "preflight" request to make sure the server supports CORS. If the preflight request passes, then the real request will be send.

您的服务器需要正确的响应发送到CORS请求。我有一个 CORS PHP 要点，说明如何做到这一点。

Your server needs to send the right responses to CORS requests. I have a CORS PHP gist that shows how to do this.

这篇关于SSL CORS不工作与Zend的卫队的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！