Origin is not allowed by Access-Control-Allow-Origin

后端 未结 18 2996
北海茫月
北海茫月 2020-11-21 05:52

I\'m making an Ajax.request to a remote PHP server in a Sencha Touch 2 application (wrapped in PhoneGap).

The response from the server is the following:

相关标签:
18条回答
  • 2020-11-21 05:55

    If you have an ASP.NET / ASP.NET MVC application, you can include this header via the Web.config file:

    <system.webServer>
      ...
    
        <httpProtocol>
            <customHeaders>
                <!-- Enable Cross Domain AJAX calls -->
                <remove name="Access-Control-Allow-Origin" />
                <add name="Access-Control-Allow-Origin" value="*" />
            </customHeaders>
        </httpProtocol>
    </system.webServer>
    
    0 讨论(0)
  • 2020-11-21 05:58

    I've run into this a few times when working with various APIs. Often a quick fix is to add "&callback=?" to the end of a string. Sometimes the ampersand has to be a character code, and sometimes a "?": "?callback=?" (see Forecast.io API Usage with jQuery)

    0 讨论(0)
  • 2020-11-21 05:59

    You may make it work without modifiying the server by making the broswer including the header Access-Control-Allow-Origin: * in the HTTP OPTIONS' responses.

    In Chrome, use this extension. If you are on Mozilla check this answer.

    0 讨论(0)
  • 2020-11-21 06:03

    This was the first question/answer that popped up for me when trying to solve the same problem using ASP.NET MVC as the source of my data. I realize this doesn't solve the PHP question, but it is related enough to be valuable.

    I am using ASP.NET MVC. The blog post from Greg Brant worked for me. Ultimately, you create an attribute, [HttpHeaderAttribute("Access-Control-Allow-Origin", "*")], that you are able to add to controller actions.

    For example:

    public class HttpHeaderAttribute : ActionFilterAttribute
    {
        public string Name { get; set; }
        public string Value { get; set; }
        public HttpHeaderAttribute(string name, string value)
        {
            Name = name;
            Value = value;
        }
    
        public override void OnResultExecuted(ResultExecutedContext filterContext)
        {
            filterContext.HttpContext.Response.AppendHeader(Name, Value);
            base.OnResultExecuted(filterContext);
        }
    }
    

    And then using it with:

    [HttpHeaderAttribute("Access-Control-Allow-Origin", "*")]
    public ActionResult MyVeryAvailableAction(string id)
    {
        return Json( "Some public result" );
    }
    
    0 讨论(0)
  • 2020-11-21 06:03

    When you receive the request you can

    var origin = (req.headers.origin || "*");
    

    than when you have to response go with something like that:

    res.writeHead(
        206,
        {
            'Access-Control-Allow-Credentials': true,
            'Access-Control-Allow-Origin': origin,
        }
    );
    
    0 讨论(0)
  • 2020-11-21 06:04

    If you get this in Angular.js, then make sure you escape your port number like this:

    var Project = $resource(
        'http://localhost\\:5648/api/...', {'a':'b'}, {
            update: { method: 'PUT' }
        }
    );
    

    See here for more info on it.

    0 讨论(0)
提交回复
热议问题