Origin is not allowed by Access-Control-Allow-Origin

后端未结

关注

 18  2939

北海茫月

I\'m making an Ajax.request to a remote PHP server in a Sencha Touch 2 application (wrapped in PhoneGap).

The response from the server is the following:

相关标签:

18条回答

南旧

2020-11-21 06:18
If you're writing a Chrome Extension and get this error, then be sure you have added the API's base URL to your manifest.json's permissions block, example:
```
"permissions": [
    "https://itunes.apple.com/"
]
```
0 讨论(0)
发布评论:

提交评论
- 加载中...
耶瑟儿～

2020-11-21 06:20
I wrote an article on this issue a while back, Cross Domain AJAX.

The easiest way to handle this if you have control of the responding server is to add a response header for:
```
Access-Control-Allow-Origin: *
```
This will allow cross-domain Ajax. In PHP, you'll want to modify the response like so:
```
<?php header('Access-Control-Allow-Origin: *'); ?>
```
You can just put the Header set Access-Control-Allow-Origin * setting in the Apache configuration or htaccess file.

It should be noted that this effectively disables CORS protection, which very likely exposes your users to attack. If you don't know that you specifically need to use a wildcard, you should not use it, and instead you should whitelist your specific domain:
```
<?php header('Access-Control-Allow-Origin: http://example.com') ?>
```
0 讨论(0)
发布评论:

提交评论
- 加载中...
逝去的感伤

2020-11-21 06:20
if you're under apache, just add an .htaccess file to your directory with this content:
```
Header set Access-Control-Allow-Origin: *

Header set Access-Control-Allow-Headers: content-type

Header set Access-Control-Allow-Methods: *
```
0 讨论(0)
发布评论:

提交评论
- 加载中...
梦毁少年i

2020-11-21 06:20
In Ruby on Rails, you can do in a controller:
```
headers['Access-Control-Allow-Origin'] = '*'
```
0 讨论(0)
发布评论:

提交评论
- 加载中...
无人共我

2020-11-21 06:21
If you're using Apache just add:
```
<ifModule mod_headers.c>
    Header set Access-Control-Allow-Origin: *
</ifModule>
```
in your configuration. This will cause all responses from your webserver to be accessible from any other site on the internet. If you intend to only allow services on your host to be used by a specific server you can replace the * with the URL of the originating server:
```
Header set Access-Control-Allow-Origin: http://my.origin.host
```
0 讨论(0)
发布评论:

提交评论
- 加载中...
故里飘歌

2020-11-21 06:22

As Matt Mombrea is correct for the server side, you might run into another problem which is whitelisting rejection.

You have to configure your phonegap.plist. (I am using a old version of phonegap)

For cordova, there might be some changes in the naming and directory. But the steps should be mostly the same.

First select Supporting files > PhoneGap.plist

then under "ExternalHosts"

Add a entry, with a value of perhaps "http://nqatalog.negroesquisso.pt" I am using * for debugging purposes only.

0 讨论(0)
发布评论:

提交评论
- 加载中...

上一页 1 2 3