代码之家 › 专栏 › 技术社区 › Michael Lorton

CORS不适用于铬合金

cors google-chrome jquery javascript

Michael Lorton · 技术社区 · 14 年前

我已经在服务器上设置了跨源站资源共享(使用CrossOriginFilter的Jetty),它在IE8和Firefox上工作得很好。在铬合金上,它只是…不。

  $.ajax({ url : crossOriginURL,
    type : "GET",
    error : function(req, message) {
        alert(message);
    },
    dataType :  "json" } );

The error function is invoked, with the helpful message "error". It seems to be making the request, but without any of the headers you'd expect. If the URL is from the same origin, it works fine.

5 回复 | 直到 7 年前

cusspvz 14 年前

我用这种方式解决了我的问题:

将此添加到PHP代码中:

header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Credentials: true ");
header("Access-Control-Allow-Methods: OPTIONS, GET, POST");
header("Access-Control-Allow-Headers: Content-Type, Depth, User-Agent, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control");

或者将这些头添加到响应中。

问题:浏览器在主请求之前向服务器请求选项,以检查站点是否允许与不同来源的通信,如果是,则执行发布或获取请求。

编辑: 试试这个(不用你的黑客)看看你是否在接收数据…

$.ajax({ url : crossOriginURL,
    type : "GET",
    error : function(req, message) {
        alert(message);
    },
    success : function(data) {
        alert(data);
    },
    dataType :  "text"} );

Eric 12 年前

It looks like the original poster may have resolved their issue, but for anyone having the same issue as commentor Elisabeth, I believe the problem may be that Chrome refuses to set a an Origin header for a CORS request if you are running the request from a local file. It won't even let you explicitly override the Origin header. This causes the server to see "Origin: null", which results in a 403 in most cases. Firefox apparently has no such constraint, as I've found after much hair-pulling.

If you absolutely need to use Chrome in this case, you can resolve your issue by running a webserver locally and always accessing your file via http: instead of via file:.

Michael Lorton 13 年前

最终对我起作用的是 xhr.setRequestHeader('Content-Type', 'text/plain');

Daniel C. Deng 7 年前

In my case, it's localhost:8001 (the front-end) which tries to call the APIs at localhost:7001 (on server.js as a Node server). Even I had the CORS plugin installed and turned on on Chrome, still the CORS policy rejected them as preflight cases.

我花了半天多时间终于解决了这个问题。

i.关闭CORS插件,重新加载应用程序,此时您仍然可以得到正确的错误。

ii. Turn it back ON, reload the app, if the APIs are successful, stop here, no need to proceed to iii.

iii.但是,如果您仍然收到CORS拒绝,那么卸载chrome并安装最新的chrome。

iv. On the new Chrome, the previously installed CORS plugin should still be there but with OFF status.

v.重新加载页面,您应该在控制台上得到正确的CORS拒绝消息。

重新打开,重新加载页面,错误应该消失。

如果上述步骤在您的案例中仍然不起作用,则无需进一步考虑。

我还在server.js(node)上尝试了以下方法,但仍然无法工作,因此无需尝试:

var app = express();
var cors = require('cors'); // Already done ânpm i cors --save-devâ
app.options('*', cors());

-5

pranavbapat 11 年前

CORS可以在铬合金中使用。使用chrome是安全模式,即使用禁用安全设置。谷歌搜索它,或者你甚至可以从命令行开始。