JavaScript - XMLHttpRequest, Access-Control-Allow-Origin errors

前端 未结 2 534
南笙
南笙 2020-12-02 15:44

I\'m attempting to send a XMLHttpRequest to a paste site. I\'m sending an object containing all the fields that the api requires, but I keep getting this issue. I have read

相关标签:
2条回答
  • 2020-12-02 16:27

    I think you've missed the point of access control.

    A quick recap on why CORS exists: Since JS code from a website can execute XHR, that site could potentially send requests to other sites, masquerading as you and exploiting the trust those sites have in you(e.g. if you have logged in, a malicious site could attempt to extract information or execute actions you never wanted) - this is called a CSRF attack. To prevent that, web browsers have very stringent limitations on what XHR you can send - you are generally limited to just your domain, and so on.

    Now, sometimes it's useful for a site to allow other sites to contact it - sites that provide APIs or services, like the one you're trying to access, would be prime candidates. CORS was developed to allow site A(e.g. paste.ee) to say "I trust site B, so you can send XHR from it to me". This is specified by site A sending "Access-Control-Allow-Origin" headers in its responses.

    In your specific case, it seems that paste.ee doesn't bother to use CORS. Your best bet is to contact the site owner and find out why, if you want to use paste.ee with a browser script. Alternatively, you could try using an extension(those should have higher XHR privileges).

    0 讨论(0)
  • 2020-12-02 16:39

    I've gotten same problem. The servers logs showed:

    DEBUG: <-- origin: null
    

    I've investigated that and it occurred that this is not populated when I've been calling from file from local drive. When I've copied file to the server and used it from server - the request worked perfectly fine

    0 讨论(0)
提交回复
热议问题