Firefox的CORS请求尽管有头信息,但还是会发送“跨源请求”。
[英]Firefox CORS request giving 'Cross-Origin Request Blocked' despite headers
I'm trying to make a simple cross-origin request, and Firefox is consistently blocking it with this error:
我正在尝试做一个简单的跨源请求,而Firefox一直在用这个错误来阻止它:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at [url]. This can be fixed by moving the resource to the same domain or enabling CORS. [url]
跨源请求被阻止:同源策略不允许在[url]读取远程资源。这可以通过将资源移动到相同的域或启用CORS来修复。[url]
It works fine in Chrome and Safari.
它在Chrome和Safari中运行良好。
As far as I can tell I've set all the correct headers on my PHP to allow this to work. Here's what my server is responding with
就我所知,我已经在PHP上设置了所有正确的头,以允许它工作。这是我的服务器响应的内容
HTTP/1.1 200 OK
Date: Mon, 23 Jun 2014 17:15:20 GMT
Server: Apache/2.2.22 (Debian)
X-Powered-By: PHP/5.4.4-14+deb7u8
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Content-Type
Access-Control-Request-Headers: X-Requested-With, accept, content-type
Vary: Accept-Encoding
Content-Length: 186
Content-Type: text/html
I've tried using Angular, JQuery and a basic XMLHTTPRequest object, like so:
我尝试过使用角、JQuery和基本的XMLHTTPRequest对象,如下所示:
var data = "id=1234"
var request = new XMLHttpRequest({mozSystem: true})
request.onload = onSuccess;
request.open('GET', 'https://myurl.com' + '?' + data, true)
request.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded')
request.send()
...and it works in everything that isn't Firefox. Can anyone help with this at all?
…它适用于所有不是Firefox的东西。有人能帮忙吗?
9 个解决方案
#1
73
Turns out this has nothing to do with CORS- it was a problem with the security certificate. Misleading errors = 4 hours of headaches.
事实证明,这与CORS无关——这是安全证书的问题。误导性的错误= 4小时的头痛。
#2
9
I found that my problem was: that the server i've send the cross request to had a certificate that was not trusted.
我发现我的问题是:我发送交叉请求的服务器有一个不受信任的证书。
If you want to connect to a cross domain with https (firefox), you have to add the exeption for this certificate first.
如果您想要使用https (firefox)连接到跨域,您必须首先添加此证书的调用。
You can do this, by visit the blocked link once and add the exception.
您可以通过访问被阻塞的链接一次并添加异常来实现这一点。
hope this helps someone!
希望这可以帮助别人!
#3
6
I've found solution after 2 days :(.
我在两天之后找到了解决办法。
Important note: when responding to a credentialed request, server must specify a domain, and cannot use wild carding.
重要提示:当响应授权请求时,服务器必须指定一个域,并且不能使用粗梳。
https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Requests_with_credentials
https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS Requests_with_credentials
#4
3
Just a word of warnings. I finally got around the problem with Firefox and CORS.
只是一句警告。我终于解决了Firefox和CORS的问题。
The solution for me was this post
我的解决方案是这篇文章
使用正确的响应头在Apache上设置CORS(跨源资源共享),允许通过| Benjamin Horn进行任何操作
However Firefox was behaving really, really strange after setting those headers on the Apache server (in the folder .htaccess).
但是,在Apache服务器(在.htaccess文件夹中)设置了这些头之后,Firefox的行为非常非常奇怪。
I added a lot of console.log("Hi FF, you are here A") etc to see what was going on.
我添加了很多控制台。记录(“你好,FF,你在这里”)等等,看看发生了什么。
At first it looked like it hanged on xhr.send(). But then I discovered it did not get to the this statement. I placed another console.log right before it and did not get there - even though there was nothing between the last console.log and the new one. It just stopped between two console.log.
起初它看起来像是挂在xhr.send()上。但后来我发现它并没有达到这个表述。我把另一个控制台。在它之前进行日志记录,但是没有到达那里——即使在最后一个控制台之间没有任何东西。log和新的那个。它就停在两个console.log之间。
Reordering lines, deleting, to see if there was any strange character in the file. I found nothing.
重新排序行,删除,以查看文件中是否有任何奇怪的字符。我什么也没找到。
Restarting Firefox fixed the trouble.
重新启动Firefox解决了这个问题。
Yes, I should file a bug. It is just that it is so strange so don't know how to reproduce it.
是的,我应该归档一个错误。只是它太奇怪了,所以不知道如何复制它。
NOTICE: And, oh, I just did the Header always set parts, not the Rewrite* part!
注意:哦,我只是做了标题总是设置部分,而不是重写*部分!
#5
2
Just add
只需添加
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "*"
</IfModule>
to the .htaccess file in the root of the website you are trying to connect with.
到你要连接的网站根目录中的。htaccess文件。
#6
1
Try this should be solve your issue
试试这个应该能解决你的问题
- In your config.php add www pre in your domain.com exa. // HTTP define('HTTP_SERVER', 'http://domain name with www/');
- 在你的配置。php在您的domain.com exa中添加www pre。// HTTP定义('HTTP_SERVER', 'http://domain name with www/');
// HTTPS define('HTTPS_SERVER', 'http://domain name with www/');
// HTTPS定义('HTTPS_SERVER', 'http://domain name with www/');
- Add you htaccess file
- 添加你htaccess
RewriteCond %{REQUEST_METHOD} OPTIONS RewriteRule ^(.*)$ $1 [R=200,L]
RewriteCond % { REQUEST_METHOD }选项RewriteRule ^(. *)$ $ 1(R = 200 L)
#7
0
For me, turns out I was setting Access-Control-Allow-Origin to a specific (and the correct) host.com but it had to be http://host.com instead. What does firefox do? It silently swallows the GET request and returns a status 0 to the XHR, with no warnings output to the javascript console, whereas for other similar failures it would at least say something. Ai ai.
对我来说,我是将访问控制允许源设置为特定的(和正确的)host.com,但它必须是http://host.com。firefox是干什么的?它悄悄地吞掉GET请求,并向XHR返回状态0,没有向javascript控制台输出警告,而对于其他类似的失败,它至少会说些什么。人工智能Ai。
#8
-2
It seems to be a bug on Firefox 44 that was fixed on version 45.
这似乎是Firefox 44上的一个bug,在45版本中被修复了。
#9
-4
The files are self explanatory. Make a file, call it anything. In my case jq2.php.
这些文件是不言自明的。创建一个文件,什么都可以。在我的例子中jq2.php。
<html>
<head>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script>
<script>
// document is made ready so that the program starts when we load this page
$(document).ready(function(){
// it tells that any key activity in the "subcat_search" filed will execute the query.
$("#subcat_search").keyup(function(){
// we assemble the get link for the direction to our engine "gs.php".
var link1 = "http://127.0.0.1/jqm/gs.php?needle=" + $("#subcat_search").val();
$.ajax({
url: link1,
// ajax function is called sending the input string to "gs.php".
success: function(result){
// result is stuffed in the label.
$("#search_val").html(result);
}
});
})
});
</script>
</head>
<body>
<!-- the input field for search string -->
<input type="text" id="subcat_search">
<br>
<!-- the output field for stuffing the output. -->
<label id="search_val"></label>
</body>
</html>
Now we will include an engine, make a file, call it anything you like. In my case it is gs.php.
现在我们将包含一个引擎,创建一个文件,可以任意命名。在我的例子中是gs.php。
$head = "https://maps.googleapis.com/maps/api/place/textsearch/json?query="; //our head
$key = "your key here"; //your key
$hay = $_GET['needle'];
$hay = str_replace(" ", "+", $hay); //replacing the " " with "+" to design it as per the google's requirement
$kill = $head . $hay . "&key=" . $key; //assembling the string in proper way .
print file_get_contents($kill);
I have tried to keep the example as simple as possible. And because it executes the link on every keypress, the quota of your API will be consumed pretty fast.
我试图使这个例子尽可能简单。因为它在每个按键上执行链接,所以API的配额将很快被消耗掉。
Of course there is no end to things we can do, like putting the data into a table, sending to database and so on.
当然,我们可以做的事情没有结束,比如把数据放到一个表中,发送到数据库等等。
注意!
本站翻译的文章,版权归属于本站,未经许可禁止转摘,转摘请注明本文地址:http://www.silva-art.net/blog/2014/06/23/560aa1581d25cee08ed3021a243e3137.html。