我正在从我的 asp.net 表单调用此函数,并在调用 ajax 时在 firebug 控制台上出现以下错误.

I'm calling this function from my asp.net form and getting following error on firebug console while calling ajax.

跨域请求被阻止:同源策略不允许读取位于 http://anotherdomain/test.json 的远程资源.(原因:缺少 CORS 标头Access-Control-Allow-Origin").

var url= 'http://anotherdomain/test.json';
            url: url,
            crossOrigin: true,
            type: 'GET',
            xhrFields: { withCredentials: true },
            accept: 'application/json'
        }).done(function (data) {
        }).fail(function (xhr, textStatus, error) {
            var title, message;
            switch (xhr.status) {
                case 403:
                    title = xhr.responseJSON.errorSummary;
                    message = 'Please login to your server before running the test.';
                    title = 'Invalid URL or Cross-Origin Request Blocked';
                    message = 'You must explictly add this site (' + window.location.origin + ') to the list of allowed websites in your server.';


I've done alternate way but still unable to find the solution.


Note: I've no server rights to make server side(API/URL) changes.



This happens generally when you try access another domain's resources.


This is a security feature for avoiding everyone freely accessing any resources of that domain (which can be accessed for example to have an exact same copy of your website on a pirate domain).

响应的标头,即使是 200OK 也不允许其他来源(域、端口)访问资源.

The header of the response, even if it's 200OK do not allow other origins (domains, port) to access the ressources.


You can fix this problem if you are the owner of both domains:

要更改它,您可以在请求的域文件的 .htaccess 中写入:

To change that, you can write this in the .htaccess of the requested domain file:

    <IfModule mod_headers.c>
    Header set Access-Control-Allow-Origin "*"

如果您只想授予对一个域的访问权限,.htaccess 应如下所示:

If you only want to give access to one domain, the .htaccess should look like this:

    <IfModule mod_headers.c>
    Header set Access-Control-Allow-Origin 'https://my-domain.tdl'

解决方案 2:以正确的方式设置标题


Solution 2: set headers the correct way

If you set this into the response header of the requested file, you will allow everyone to access the ressources:

Access-Control-Allow-Origin : *

Access-Control-Allow-Origin : http://www.my-domain.com


