您好我遇到了PHP和marionette.js的奇怪错误。我有一个由marionette.js(扩展backbone.js)构成的前端,它需要对我在其他URL上运行的后端API进行CORS调用。我已经覆盖了主干的同步功能以允许withCredentials和stuff:
var proxiedSync = Backbone.sync;
Backbone.sync = function(method, model, options) {
options || (options = {});
if (!options.crossDomain) {
options.crossDomain = true;
}
if (!options.xhrFields) {
options.xhrFields = {withCredentials:true};
}
return proxiedSync(method, model, options);
};
在我的Slim 3.5后端中,我为CORS标题设置了这个中间件:
$app->add(function ($req, $res, $next) {
$response = $next($req, $res);
return $response->withHeader('Access-Control-Allow-Credentials', 'false')->withHeader('Access-Control-Allow-Origin', 'http://localhost:4000')
->withHeader('Access-Control-Allow-Headers', 'X-Requested-With, Content-Type, Accept, Origin, Authorization, Session')
->withHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, PATCH, DELETE, OPTIONS, HEAD');});
现在我在chrome调试工具中得到了当前的响应:
XMLHttpRequest无法加载xxxxx。当credentials标志为true时,不能在'Access-Control-Allow-Origin'标头中使用通配符'*'。因此,不允许原点“http://localhost:4000”访问。 XMLHttpRequest的凭证模式由withCredentials属性控制。
但是,当我查看“网络”选项卡并检查“请求标头”时,我可以清楚地看到Access-Control-Allow-Origin不是通配符,而是“http://localhost:4000”:
HTTP/1.1 200 OK
Date: Fri, 09 Sep 2016 17:35:32 GMT
Server: Apache/2.4.17 (Win64) PHP/7.0.0
X-Powered-By: PHP/7.0.0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://localhost:4000
Access-Control-Allow-Headers: X-Requested-With, Content-Type, Accept, Origin, Authorization, Session
Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS, HEAD
Content-Length: 1130
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
编辑1:这里是我的选择路线
这是我的选择路线:
$app->options('/{routes:.+}', function ($request, $response, $args) {
return $response;
});
编辑2:预飞行响应和请求
好的,这里是预检响应请求标题的快速更新:
OPTIONS /devsea/login HTTP/1.1
Host: localhost
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Access-Control-Request-Method: POST
Origin: http://localhost:4000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36
Access-Control-Request-Headers: content-type
Accept: */*
Referer: http://localhost:4000/
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8,fr;q=0.6
以下是飞行前请求的响应标头:
HTTP/1.1 200 OK
Date: Fri, 16 Sep 2016 00:49:38 GMT
Server: Apache/2.4.17 (Win64) PHP/5.6.16
X-Powered-By: PHP/5.6.16
Set-Cookie: UserSession=aemsvqf9b7u2c4isdhocq4mre7; expires=Fri, 16-Sep-2016 01:49:38 GMT; Max-Age=3600; path=/
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://localhost:4000
Access-Control-Allow-Headers: X-Requested-With, Content-Type, Accept, Origin, Authorization, Session
Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, HEAD
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
答案 0 :(得分:0)
所以我知道这绝对没有意义。但重新启动我的开发机器后,一切都开始工作了。对不起,每个人都有麻烦,也许apache需要重启或其他什么。