Problem description
I am trying to set up simple Cross-Origin Resource Sharing using jQuery (1.7.1) powered ajax on the client and apache served python (django) server. According to all the instructions I have read my headers are set correctly, but I keep getting the following error:
XMLHttpRequest cannot load http://myexternaldomain.com/get_data. Origin http://localhost:8080 is not allowed by Access-Control-Allow-Origin.
The header I am trying to send (I am not sure it is even getting past the browser) is:
Request URL:http://myexternaldomain.com/get_data
Accept:application/json, text/javascript, */*; q=0.01
Origin:http://localhost:8080
Referer:http://localhost:8080/static/js/test-zetta.html
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.66 Safari/535.11
The javascript code is
var request = $.ajax({
    url : "http://myexternaldomain.com/get_data",
    type : "POST",
    dataType : "json",
    crossDomain : true
});
Note that origin is set correctly. The server adds the header Access-Control-Allow-Origin = * using the following python code
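import json
from django.http import HttpResponse

def process_response(response):
    # Module-level helper (no self): add the CORS header unless one is already set.
    if response.has_header('Access-Control-Allow-Origin'):
        return response
    response['Access-Control-Allow-Origin'] = '*'
    return response

def get_orders(request):
    """ Tell worker what to do """
    response_data = {}
    response_data['action'] = 'probe'
    # The header is attached here, inside the view, after the JSON body is built.
    response = process_response(HttpResponse(json.dumps(response_data), content_type="application/json"))
    return response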
If I visit the address directly, it appears to confirm that the header is being set correctly
Access-Control-Allow-Origin:*
Content-Type:application/json
Date:Thu, 08 Mar 2012 05:06:25 GMT
Server:Apache/2.2.20 (Ubuntu)
Transfer-Encoding:chunked
However in the cross domain setting it always fails (tried both chrome and firefox). I've tried implementing the code exactly as per the selected answer to this question, but get the same error
Update
I am quite sure that the problem is server side, as I have managed to get my ajax calls working with a different public CORS enabled server. When I compare the headers coming back from this public server, and the ones returned from mine (when I test from same domain), I cannot see any major difference which could account for the difference (see below).
One subtlety that I excluded, which may or may not be important, is that the actual domain is an amazon domain of multiple subdomains. The real address is http://ec2-23-20-27-108.compute-1.amazonaws.com/get_orders , feel free to probe it to see what I am doing wrong.
From the public server
Access-Control-Allow-Origin:*
Connection:Keep-Alive
Content-Encoding:gzip
Content-Length:622
Content-Type:text/html
Date:Thu, 08 Mar 2012 15:33:20 GMT
Keep-Alive:timeout=15, max=99
Server:Apache/2.2.14 (Ubuntu)
Vary:Accept-Encoding
X-Powered-By:Perl/5.8.7, PHP/4.4.0
From my server (does not work cross-domain)
Access-Control-Allow-Origin:*
Content-Encoding:gzip
Content-Type:text/plain
Date:Thu, 08 Mar 2012 15:32:24 GMT
Server:Apache/2.2.20 (Ubuntu)
Transfer-Encoding:chunked
Vary:Accept-Encoding
Recommended answer
So I was being misled by the response from going to the URL, and in fact the problem was that when doing the ajax request, I was getting a 403 (only revealed in firefox not chrome) error due to csrf protection.