发表新帖
发表新帖

localhost is therefore not allowed access

前端 未结
关注
3 1013
梦如初夏
梦如初夏 2021-01-20 11:19

To solve CORS issue, I wrote there

header(\'Access-Control-Allow-Origin: *\');
header(\'Access-Control-Allow-Methods: GET, POST\');
header(\"Access-Control-A
相关标签:
3条回答
  • 隐瞒了意图╮
    2021-01-20 11:27

    Due to browser security restrictions, most Ajax requests are subject to the same origin policy; the request can not successfully retrieve data from a different domain, subdomain, port, or protocol. But Script and JSONP requests are not subject to the same origin policy restrictions.

    If you have n't used JSONP yet. The Wikipedia Says

    JSONP or “JSON with padding” is a complement to the base JSON data format, a usage pattern that allows a page to request and more meaningfully use JSON from a server other than the primary server.

    So your ajax call should be like this :

    $.ajax({
        type: 'GET',
        crossOrigin: true,
        dataType: "jsonp",
        url: url,
        success: function(data) {
            console.log(data);
        }
    });
    0 讨论(0)
  • 借酒劲吻你
    2021-01-20 11:28

    Using * will not work. The below PHP code will accept all requests from all domains and works in IE, Firefox, Chrome and Safari.

    $origin=isset($_SERVER['HTTP_ORIGIN'])?$_SERVER['HTTP_ORIGIN']:$_SERVER['HTTP_HOST'];
header('Access-Control-Allow-Origin: '.$origin);        
header('Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT');
header('Access-Control-Allow-Credentials: true');
header('Access-Control-Allow-Headers: Authorization, X-Requested-With');
header('P3P: CP="NON DSP LAW CUR ADM DEV TAI PSA PSD HIS OUR DEL IND UNI PUR COM NAV INT DEM CNT STA POL HEA PRE LOC IVD SAM IVA OTC"');
header('Access-Control-Max-Age: 1');

    Accepting requests from all domains is insecure. For a better (but slightly more complex) solution, see here: CORS That Works In IE, Firefox, Chrome And Safari

    0 讨论(0)
  • 你的背包
    2021-01-20 11:28

    This is a common problem when accidently enabling CORS twice. Check to make sure you did not enable it in apache, or that the header is not being set twice. As a sanity check you can try to remove the header and add it right back before you serve out your response.

    Ex:

    header_remove('Access-Control-Allow-Origin');
header('Access-Control-Allow-Origin: *');
    0 讨论(0)
 看不清?
提交回复
热议问题