跨源请求阻止Angular JS Put请求

时间:2014-10-24 06:54:18

标签: javascript angularjs yii

我正在使用服务器端的Yii框架和客户端的Angular JS开发REST-ful应用程序

我使用restfulyii扩展来生成api

:当我发送PUT请求时,我遇到了问题。

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at ..... This can be fixed by moving the resource to the same domain or enabling CORS.

但它正在为发布+获取请求

工作

我看到了不同的解决方案,但没有一个解决方案。

我试图把那些是服务器端

header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS");
header("Access-Control-Allow-Headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token");
header("Access-Control-Max-Age: 1000");

并尝试将此代码放在角度js模块中:

$httpProvider.defaults.useXDomain = true;
delete $httpProvider.defaults.headers.common['X-Requested-With'];

我还试图把

 $http.defaults.headers.post["Content-Type"] = "application/x-www-form-urlencoded";

请求转换为OPTIONS请求 并且来自服务器的响应变为如下:

Access-Control-Allow-Headers:x-requested-with, Content-Type, origin, authorization, accept, client-security-token 
Access-Control-Allow-Methods:GET, POST, PUT, DELETE, OPTIONS Access-Control-Allow-
Origin:http://localhost:8383
 Access-Control-Max-Age:1000
 Connection:close
 Content-Type:text/html Date:Fri, 24 Oct 2014 06:49:32 GMT
 Server:Apache/2.4.7 (Win32) OpenSSL/1.0.1e PHP/5.5.9 X-Powered-By:PHP/5.5.9

1 个答案:

答案 0 :(得分:0)

我的所有其他控制器都有一个基本控制器,它使用具有以下事件的restangular。

public function restEvents()
{
    $this->onRest('req.cors.access.control.allow.origin', function() {
        return ['*']; //List of sites allowed to make CORS requests 
    });

    $this->onRest('req.cors.access.control.allow.methods', function() {
        return ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS']; //List of allowed http methods (verbs) 
    });

    $this->onRest('req.auth.cors', function ($allowed_origins) {
        if (in_array('*', $allowed_origins)) {
            return true;
        }
        if((isset($_SERVER['HTTP_ORIGIN'])) && (( array_search($_SERVER['HTTP_ORIGIN'], $allowed_origins)) !== false )) {
            return true;
        }
        return false;   
    });

    $this->onRest('req.cors.access.control.allow.headers', function($application_id) {
        return ["X_{$application_id}_CORS", "Content-Type", "Authorization", "X_REST_REQUEST"];
    });

}

客户端我使用带有以下选项的restangular:

RestangularProvider.setDefaultHttpFields({withCredentials: true}); RestangularProvider.setDefaultHeaders({X_REST_CORS: 'Yes'}); RestangularProvider.setDefaultHttpFields({cache: false});

我希望这有帮助......

相关问题
最新问题