問題描述

收到此錯(cuò)誤消息:拒絕設(shè)置不安全的標(biāo)頭Origin"

使用此代碼:

   function getResponse() {
            document.getElementById("_receivedMsgLabel").innerHTML += "getResponse() called.<br/>";
            if (receiveReq.readyState == 4 || receiveReq.readyState == 0) {
                receiveReq.open("GET", "http://L45723:1802", true, "server", "server123");  //must use L45723:1802 at work.
                receiveReq.onreadystatechange = handleReceiveMessage;
                receiveReq.setRequestHeader("Origin", "http://localhost/");
                receiveReq.setRequestHeader("Access-Control-Request-Origin", "http://localhost");
                receiveReq.timeout = 0;
                var currentDate = new Date();
                var sendMessage = JSON.stringify({
                    SendTimestamp: currentDate,
                    Message: "Message 1",
                    Browser: navigator.appName
                });
                receiveReq.send(sendMessage);

            }
        }

我做錯(cuò)了什么?為了使這個(gè) CORS 請求正常工作，我在標(biāo)頭中遺漏了什么?

What am I doing wrong? What am I missing in the header to make this CORS request work?

我嘗試刪除 receiveReq.setRequestHeader("Origin", ...) 調(diào)用，但 Google Chrome 在我的 receiveReq.open() 調(diào)用中引發(fā)訪問錯(cuò)誤...

I tried removing the receiveReq.setRequestHeader("Origin", ...) call but then Google Chrome throws an access error on my receiveReq.open() call...

為什么?

推薦答案

這只是一個(gè)猜測，因?yàn)槲沂褂?jquery 處理 ajax 請求，包括 CORS.

This is just a guess, as I use jquery for ajax requests, including CORS.

我認(rèn)為瀏覽器應(yīng)該設(shè)置標(biāo)題，而不是你.如果您能夠設(shè)置標(biāo)題，那將破壞安全功能的目的.

I think the browser is supposed to set the header, not you. If you were able to set the header, that would defeat the purpose of the security feature.

在不設(shè)置這些標(biāo)頭的情況下嘗試請求，看看瀏覽器是否為您設(shè)置了它們.

Try the request without setting those headers and see if the browser sets them for you.

這篇關(guān)于拒絕設(shè)置不安全的標(biāo)頭“Origin"使用谷歌瀏覽器的 xmlHttpRequest 時(shí)的文章就介紹到這了，希望我們推薦的答案對大家有所幫助，也希望大家多多支持html5模板網(wǎng)！