Origin is not allowed by Access-Control-Allow-Origin

Time: 2013-08-04 17:35:58

Tags: apache header

Why am I getting this error when the URL is already in the Access-Control-Allow-Origin header!?

Error

XMLHttpRequest cannot load http://cdn.localhost/data/voucher/16_ead32751b66fd6c7856b7db0e186574df37a7d08.pdf. Origin http://secure.localhost is not allowed by Access-Control-Allow-Origin.
Refused to get unsafe header "Accept-Ranges"

htaccess (cdn.localhost)

Header add Access-Control-Allow-Origin "http://secure.localhost"

2 answers:

Answer 0 (score: 2)

You can also try sending the following headers, from this post:

// Specify domains from which requests are allowed
header('Access-Control-Allow-Origin: *');

// Specify which request methods are allowed
header('Access-Control-Allow-Methods: GET, POST, OPTIONS');

// Additional headers which may be sent along with the CORS request
// The X-Requested-With header allows jQuery requests to go through
header('Access-Control-Allow-Headers: X-Requested-With');

// Set the age to 1 day to improve speed/caching.
header('Access-Control-Max-Age: 86400');

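Answer 1 (score: 0)

The specification for Access-Control-Allow-Origin discusses a space-separated URL syntax. Perhaps a second occurrence of the header is overriding the first one in the client - try the multi-value version in a single header.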
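
Added example, not part of the question or either answer: a simplified JavaScript model of the browser-side CORS check from the Fetch Standard, run against constructed response header lists for the `http://secure.localhost` origin in the question. The function names and the `http://other.localhost` origin are assumptions made for illustration.

```javascript
// Simplified model of the browser-side CORS check (Fetch Standard "CORS check").
// Header lists below are constructed sample data, not captured traffic.

// Combine every occurrence of a header the way the browser does: joined with ", ".
function getHeader(headers, name) {
  const values = headers
    .filter(([n]) => n.toLowerCase() === name.toLowerCase())
    .map(([, v]) => v.trim());
  return values.length ? values.join(", ") : null;
}

// Returns true when script running on `origin` may read the response.
function corsCheck(headers, origin, withCredentials = false) {
  const allowed = getHeader(headers, "Access-Control-Allow-Origin");
  if (allowed === null) return false;
  // The wildcard is honoured only for requests sent without credentials.
  if (!withCredentials && allowed === "*") return true;
  // Otherwise the combined value must equal the origin exactly.
  if (allowed !== origin) return false;
  if (!withCredentials) return true;
  return getHeader(headers, "Access-Control-Allow-Credentials") === "true";
}

const ORIGIN = "http://secure.localhost";
const ACAO = "Access-Control-Allow-Origin";

// Constructed response header lists; other.localhost is a hypothetical origin.
const cases = {
  single: [[ACAO, ORIGIN]],
  duplicated: [[ACAO, ORIGIN], [ACAO, ORIGIN]],
  spaceList: [[ACAO, ORIGIN + " http://other.localhost"]],
  wildcard: [[ACAO, "*"]],
};

function runCases() {
  return {
    single: corsCheck(cases.single, ORIGIN),
    duplicated: corsCheck(cases.duplicated, ORIGIN),
    spaceList: corsCheck(cases.spaceList, ORIGIN),
    wildcard: corsCheck(cases.wildcard, ORIGIN),
    wildcardWithCredentials: corsCheck(cases.wildcard, ORIGIN, true),
  };
}

console.log(runCases());
```

In Apache mod_headers, `Header add` appends another header even when one with the same name is already set, while `Header set` replaces it, so checking the actual response for a repeated Access-Control-Allow-Origin line is a useful first diagnostic. The `Refused to get unsafe header "Accept-Ranges"` message is separate: that header is readable cross-origin only when the server lists it in Access-Control-Expose-Headers.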