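CORS not working on just one file

Time: 2016-05-30 21:16:02

Tags: javascript php jquery ajax cors

OK, I am trying to use ajax to access http://example.com from http://api.example.com to get the relevant information.

The problem is that I have 2 files on http://api.example.com; one of them I can access from http://example.com and the other I can access, but they both have the same Access-Control-Allow-Origin header.

The server files are written like this (they are cut off in the middle, because only the headers matter here):

header.php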

<?php
header("Content-Type: application/json; charset=utf-8");

// Allow from any origin
if (isset($_SERVER['HTTP_ORIGIN'])) {
    // Decide if the origin in $_SERVER['HTTP_ORIGIN'] is one you want to allow, and if so:
    header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}", false);
    header('Access-Control-Allow-Credentials: true');
    header('Access-Control-Max-Age: 86400');    // cache for 1 day
}

// Access-Control headers are received during OPTIONS requests
if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {

    if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))
        header("Access-Control-Allow-Methods: GET, POST, OPTIONS");         

    if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']))
        header("Access-Control-Allow-Headers: {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");
}
...
?>

AddUser.php - CORS is working here

<?php
include_once  'header.php';

$GLOBALS['LOG']->printLog(1, "*********** Start AddUser.php ***********");
$responseName = "";
$responseValue = "";
$info = Utils::getRequestInfo();

if($info == null || 
    isset($info['role']) == false ||
    isset($info['username']) == false ||
    isset($info['fname']) == false ||
    isset($info['lname']) == false ||
    isset($info['email']) == false ||
    isset($info['pass']) == false)
{
    $responseName = ERROR_TEXT;
    $responseValue = ErrorStrings::$AddUser;
}
else
{ ...
?>

UserLogin.php - CORS works here

<?php

include_once  'header.php';

$GLOBALS['LOG']->printLog(1, "*********** Start Login.php ***********");
$responseName = "";
$responseValue = "";
$info = Utils::getRequestInfo();

if($info == null || 
    isset($info['pass']) == false ||
    isset($info['username']) == false)
{
    $responseName = ERROR_TEXT;
    $responseValue = ErrorStrings::$NonExistingUser;
}
else
{...
 ?>

The ajax calls to these pages are made with the following code:

function AddUser(modalId, formObj) // CORS working
{
    callback = function(data)
    {

    };

    url = "AddUser.php";
    params = {
        role: formObj[0].value,
        username: formObj[1].value,
        pass: formObj[2].value,
        email: formObj[3].value,
        fname: formObj[4].value,
        lname: formObj[5].value
    };
    CallAjax(serverUrl + url, 'POST', null, params, callback, null);
}

function UserLogin(username, password) // CORS not working
{
    url = "UserLogin.php";
    params = {
        username: username,
        pass: password
    };

    callback = function(data)
    {
        if(data != null)
        {
            if(data[responseSuccessText] != null)
            {
                username = data[responseSuccessText][0];
                token = data[responseSuccessText][1];

                setCookie(<?php echo USERNAME; ?>, username, 365);
                setCookie(<?php echo TOKEN ?>, token, 365);

                location.reload();
            }
            else
            {
                showTextInResponseModal(data[responseErrorText]);
            }
        }
    };

    CallAjax(serverUrl + url, 'POST', null, params, callback, null);
}


// Call an ajax request from another page - NEW
function CallAjax(url, method, timeout, params, callbackSuccess, callbackError)
{
    if(method == null) method = "POST"; // assignment; the original compared with == and left method null
    if(callbackSuccess == null) callbackSuccess = function(){};
    if(callbackError == null) callbackError = function(){};
    if(timeout == null) timeout = 1000 * 60;

    //params = JSON.stringify(params);
    $.ajax({
        url: url,
        method: method,
        data: params,
        contentType: "application/x-www-form-urlencoded",
        //dataType: "application/json",
        timeout: timeout,
        success: function(result, status, xhr){callbackSuccess(result);},
        error: function(xhr, status, error){callbackError(xhr, status, error);}
    });
}

Update

Screenshots from Chrome showing the request headers and info

Login request info - not working

Add user request info - working

The error I get in Chrome from the unsuccessful request is

XMLHttpRequest cannot load http://api.XXXXXX/UserLogin.php. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://XXXXXXX' is therefore not allowed access. The response had HTTP status code 500.

0 answers:

No answers
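
An added example, not part of the original question and not the poster's code: a variant of header.php that implements the "decide if the origin is one you want to allow" step with an exact-match allowlist, instead of reflecting any Origin together with Access-Control-Allow-Credentials: true. The allowlist entries, the allowed request-header list and the function name corsHeaders are assumptions.

```php
<?php
// Added example; the allowlist entries and allowed request headers below are assumptions.
const ALLOWED_ORIGINS = ['http://example.com', 'https://example.com'];
const ALLOWED_METHODS = ['GET', 'POST', 'OPTIONS'];
const ALLOWED_HEADERS = ['content-type', 'x-requested-with'];

/** Build the CORS response headers for one request; returns [] when the origin is not allowed. */
function corsHeaders(array $server): array
{
    $origin = $server['HTTP_ORIGIN'] ?? '';
    // Exact string match only; prefix or substring tests accept look-alike hosts.
    if (!in_array($origin, ALLOWED_ORIGINS, true)) {
        return [];
    }
    $headers = [
        'Access-Control-Allow-Origin'      => $origin,
        'Access-Control-Allow-Credentials' => 'true',
        // The response differs per Origin, so shared caches must key on it.
        'Vary'                             => 'Origin',
    ];
    if (($server['REQUEST_METHOD'] ?? '') === 'OPTIONS'
        && isset($server['HTTP_ACCESS_CONTROL_REQUEST_METHOD'])) {
        $headers['Access-Control-Allow-Methods'] = implode(', ', ALLOWED_METHODS);
        $headers['Access-Control-Max-Age'] = '86400';
        // Grant only the requested headers that are on the fixed list.
        $asked = array_filter(array_map('trim', explode(',',
            strtolower($server['HTTP_ACCESS_CONTROL_REQUEST_HEADERS'] ?? ''))));
        $granted = array_intersect($asked, ALLOWED_HEADERS);
        if ($granted) {
            $headers['Access-Control-Allow-Headers'] = implode(', ', $granted);
        }
    }
    return $headers;
}

if (PHP_SAPI !== 'cli') {
    header('Content-Type: application/json; charset=utf-8');
    foreach (corsHeaders($_SERVER) as $name => $value) {
        header("$name: $value");
    }
    if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
        http_response_code(204);   // a preflight needs no body
        exit;
    }
} else {
    // Constructed sample requests, for running this file from the command line.
    var_dump(corsHeaders(['HTTP_ORIGIN' => 'http://example.com', 'REQUEST_METHOD' => 'POST']));
    var_dump(corsHeaders(['HTTP_ORIGIN' => 'http://example.com.other.test', 'REQUEST_METHOD' => 'POST']));
}
```

These headers are only sent if this file actually executes; a request that fails with HTTP 500 before the include runs carries no CORS headers at all, which is consistent with the Chrome message quoted in the question.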