我在另一个工作区的工作区和服务器端有一个客户端。
我在服务器工作区中有Cross orgin。
res.header('Access-Conrol-Allow-Origin', '*');
res.header('Access-Control-Allow-Methods', 'POST, GET, PUT, DELETE, OPTIONS');
res.header('Access-Control-Allow-Credentials', true);
res.header('Access-Control-Max-Age', '86400');
res.header('Access-Control-Allow-Headers', 'X-Requested-With, X-HTTP-Method-Override, Content-Type, Accept');
但是从客户端调用时遇到错误
Mixed Content: The page at 'https://blogclient-vignesh55.c9users.io/?_c9_id=livepreview1&_c9_host=https://ide.c9.io#/home' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://10.237.69.147:15871/cgi-bin/blockpage.cgi?ws-session=18446744072714596624'. This request has been blocked; the content must be served over HTTPS
答案 0 :(得分:2)
此处的问题不是同源政策,但您的网页正在混合http和https来电。确保使用与//someurl.com等协议无关的网址,或者只在整个项目中使用一个协议。
PS:如果您确实阅读了错误消息,它会告诉您:
必须通过HTTPS提供内容
您尝试通过http调用它:
http://xx.xx.xx.xx:15871/cgi-bin/blockpage.cgi?ws-session=XXX