跨域与CherryPy

时间:2014-05-08 16:40:33

标签: cross-domain xss cherrypy cross-site

我在端口上运行JBOSS服务器:8080,运行的CherryPY服务器:8099

如果我尝试执行以下操作

var insertObj = {
    poi_id : "12345",
    obv_id : ""
};

var url = "http://10.XX.X.XXXX:8099/output";

$.ajax({
    type : "GET",
    url : url,
    data : JSON.stringify(insertObj),       
    contentType : "application/json",
    dataType : "json",
    success : function(response) {
        alert(response);
    }
});

编辑1:

这就是我设置cherryPy服务器的方式

class TestServer(object):
    @cherrypy.expose
    def index(self):
        return "Hello World!"

    @cherrypy.expose
    @cherrypy.tools.json_out()
    @cherrypy.tools.json_in()
    def test(self):
        print 'set up the response headers'
        cherrypy.response.headers["Access-Control-Allow-Origin"] = "http://localhost"
        cherrypy.response.headers["Allow"] = "POST, GET"
        input_json = cherrypy.request.json
        print input_json

def CORS(): 
    cherrypy.response.headers["Access-Control-Allow-Origin"] = "*" # mean: CORS to all; insert spec. origin to allow spec access 
    # ... insert further resp headers if needed 

if __name__ == '__main__':
    cherrypy.tools.CORS = cherrypy.Tool('before_handler', CORS)
    port = int(os.environ.get('PORT', 8099))
    cherrypy.config.update({'server.socket_host': '10.XX.X.XXX',
                        'server.socket_port': port,
                        'tools.CORS.on': True,
                       })
    cherrypy.quickstart(TestServer())

但是,我仍然在Chrome / Firefox / IE中遇到同样的问题

XMLHttpRequest cannot load http://10.XX.X.XXX:8099/test. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://10.XX.X.XXX:8080' is therefore not allowed access. 

0 个答案:

没有答案