我正在向远程perl服务器发出请求。但是得到了问题
XMLHttpRequest cannot load http://otherdomain.com/getPub.pl?content=hello. Origin http://localhost is not allowed by Access-Control-Allow-Origin.
我已经在perl脚本中启用了access_control_allow_origin为“*”,代码如下:
#!/usr/bin/perl
use strict;
use CGI qw(:standard);
use warnings;
my $cgi = new CGI;
print $cgi -> header(
-type => 'text/plain',
-access_control_allow_origin => '*',
);
my $content = $cgi -> param('content');
open(CON,">content.txt") || die "can't open $!";
print CON $content;
close(CON);
并且js请求如下:
function sendData(){
var url = "http://otherdomain.com/getPub.pl?content=hello";
var xhr = createCORSRequest("GET", url);
if(!xhr){
throw new Error ('CORS not supported');
}
xhr.send();
}
function createCORSRequest(method, url){
var xhr = new XMLHttpRequest();
if("withCredentials" in xhr){
xhr.open(method,url,true);
}else if(typeof XDomainRequest != "undefined"){
xhr = new XDomainRequest();
xhr.open(method, url);
}else{
xhr = null;
}
return xhr;
}
响应标题为:
Allow:GET,HEAD,POST,OPTIONS,TRACE
Connection:Keep-Alive
Content-Length:0
Content-Type:text/plain; charset=UTF-8
Date:Mon, 07 Jan 2013 16:55:44 GMT
Keep-Alive:timeout=15, max=99
Server:Apache/2.2.3 (CentOS)
怎么回事?
答案 0 :(得分:2)
它最终适用于PHP,虽然我仍然没有看到差异。 摘要如下:
1。 使用perl时:
my $cgi = new CGI;
print $cgi -> header(
-type => 'text/plain',
-access_control_allow_origin => '*',
-access_control_allow_headers => 'content-type,X-Requested-With',
-access_control_allow_methods => 'GET,POST,OPTIONS',
-access_control_allow_credentials => 'true',
);
HTTP标头为:
请求标题:
Request Method:OPTIONS
Status Code:200 OK
Request Headersview source
Accept:*/*
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Access-Control-Request-Headers:origin, x-requested-with, content-type
Access-Control-Request-Method:POST
Connection:keep-alive
Host:example.org
Origin:http://localhost
Referer:http://localhost/testCORS.html
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.97 Safari/537.11
响应标题:
Allow:GET,HEAD,POST,OPTIONS,TRACE
Connection:Keep-Alive
Content-Length:0
Content-Type:text/plain; charset=UTF-8
Date:Tue, 08 Jan 2013 05:52:26 GMT
Keep-Alive:timeout=15, max=100
Server:Apache/2.2.3 (CentOS)
2。 但是在PHP中,它可以工作!!!:我没有看到差异!
代码为:
<?php
header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Methods: GET,POST,OPTIONS");
header("Access-Control-Allow-Headers: X-Requested-With,");
#header("Access-Control-Allow-Credentials: true");
?>
响应标题:
Access-Control-Allow-Headers:X-Requested-With
Access-Control-Allow-Methods:GET,POST,OPTIONS
Access-Control-Allow-Origin:*
Connection:Keep-Alive
Content-Length:0
Content-Type:text/html; charset=UTF-8
Date:Tue, 08 Jan 2013 05:52:10 GMT
Keep-Alive:timeout=15, max=100
Server:Apache/2.2.3 (CentOS)
X-Powered-By:PHP/5.3.3
答案 1 :(得分:0)
您需要确保您的服务器使用正确的Access-Control-Allow-Origin标头响应对该URL的OPTIONS请求。浏览器将通过首先发出OPTIONS请求来“预检”您的请求。如果失败,则根本不会尝试您的请求。