Access-Control-Allow-Origin不适用于Apache

时间:2014-01-09 14:42:15

标签: apache cors same-origin-policy

当我从我的localhost到我的服务器执行ajax发布时,我一直遇到交叉问题:

OPTIONS http://domain:port/fileuploader/fileupload No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost' is therefore not allowed access. plupload.full.min.js:14
XMLHttpRequest cannot load http://domain:port/fileuploader/fileupload. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost' is therefore not allowed access.

我正在使用apache,所以我添加了这个以允许所有内容,但现在仍在使用:

 Header add Access-Control-Allow-Origin *
 Header add Access-Control-Allow-Headers "SOAPAction, Authorization, username, password, origin, X-Requested-With, Content-Type, XMLHttpRequest"
 Header add Access-Control-Allow-Methods "POST, GET, PUT, DELETE, OPTIONS"
 Header add Access-Control-Allow-Credentials: "true"

我的浏览器的响应标题是:

Request URL:http://domain:port/fileuploader/fileupload
Request Method:OPTIONS
Status Code:200 OK
Request Headersview source
Accept:*/*
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8,ar;q=0.6
Access-Control-Request-Headers:content-type
Access-Control-Request-Method:POST
Cache-Control:no-cache
Connection:keep-alive
Host:domain:port
Origin:http://localhost
Pragma:no-cache
Referer:http://localhost/omnixuploader/index.html?dDocName=test8818&dDocTitle=test8818&dDocType=SiebelAttachment&dDocAuthor=SADMIN&lan=ara&files=test|jpg:png:txt|220,wwow|pdf:txt:zip|222&rand=19
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
Response Headersview source
Allow:GET, HEAD, POST, TRACE, OPTIONS
Content-Length:0
Date:Thu, 09 Jan 2014 14:39:45 GMT
X-ORACLE-DMS-ECID:a3121f70a766128a:-422d6665:14370f7c3a3:-8000-000000000000057a
X-Powered-By:Servlet/2.5 JSP/2.1

我不明白为什么它不起作用?任何提示?

2 个答案:

答案 0 :(得分:1)

您似乎正在配置http://localhost以授权其他网站告知浏览器向其发出请求。

您需要告诉http://domain:port/这样做。

X-Powered-By:Servlet/2.5 JSP/2.1表示您可能正在使用Apache Tomcat。如何配置该服务器的描述为in answers to this question

答案 1 :(得分:0)

首先尝试设置标题,然后添加其他标题:

Header set Access-Control-Allow-Origin *

Header add Access-Control-Allow-Headers "SOAPAction, Authorization, username, password, origin, X-Requested-With, Content-Type, XMLHttpRequest"

Header add Access-Control-Allow-Methods "POST, GET, PUT, DELETE, OPTIONS"

Header add Access-Control-Allow-Credentials: "true"
相关问题
最新问题