allow-control-allow-origin : *头出现在API响应中,但浏览器仍显示错误。网络403错误。
这是来自API的示例响应头:
Access-Control-Allow-Headers: Origin,X-Requested-With,X-CSRF-Token,Content-Type
Access-Control-Allow-Methods: GET,POST,PUT,DELETE
Access-Control-Allow-Origin: *
Cache-Control: no-cache="set-cookie"
Connection: keep-alive
Content-Length: 870
Content-Type: text/plain;charset=UTF-8
Date: Sat, 28 Nov 2015 17:56:46 GMT
Server: Apache-Coyote/1.1
Set-Cookie: AWSELB=6B492DE10EE
firebug中的错误:
"NetworkError: 403 Forbidden - https://xyz.....s"
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://xyz..... (Reason: CORS header 'Access-Control-Allow-Origin' missing).
请求-Angularjs
var config = {
headers: {
"Accept": "application/json",
"Content-Type": "application/json",
"Apikey": "*************"
}
}
$http.post(URL, data, config)
.success(function (data, status, headers, config) {
//function
})
最佳答案
确保您的服务器支持OPTIONS动词,并在客户端使用时返回正确的cors头,这称为飞行前请求。请看一个客户端和服务器之间的完整cors交换示例here。
因此,第一步是客户端使用http动词发送飞行前请求:
OPTIONS /canvas/73/source HTTP/1.1
Host: jsbin.com
Access-Control-Request-Method: GET
Origin: http://jsconsole.com
Access-Control-Request-Headers: x-requested-with
现在您的服务器应该用正确的cors头来响应:
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: X-Requested-With
就这样,您已经建立了握手,现在可以随意获取/发布您想要的任何内容:
GET /canvas/73/source HTTP/1.1
Host: jsbin.com
x-requested-with: XMLHttpRequest
你会得到一个成功的回应:
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Length: 977
...
您还可以查看this example。
关于jquery - allow-control-allow-origin:*存在,但仍显示错误,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/33977063/