XMLHttpRequest无法加载资源

Question

我试图制作一个简单的php后端来处理另一台服务器中的联系表单，但是尽管添加了正确的标题，它仍然给我相同的错误信息：

XMLHttpRequest cannot load https://php-contact-form-lual.herokuapp.com/. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:4000' is therefore not allowed access. The response had HTTP status code 404.

这是ajax请求：

$.ajax({
    type: 'POST',
    url: 'https://php-contact-form-lual.herokuapp.com/',
    data: {
            subject: 'subject',
            to: 'receiver',
            name: $('#name').val(),
            email: $('#email').val(),
            msg: $('#msg').val()
            }
    }) // then the callbacks

这是php：

<?php

    if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
  // return only the headers and not the content
  // only allow CORS if we're doing a POST - i.e. no saving for now.
  if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']) && $_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD'] == 'POST') {
    header('Access-Control-Allow-Origin: *');
    header('Access-Control-Allow-Headers: X-Requested-With');
  }
  exit;
}

// handling the data    
$subject = $_POST['subject'];
$to      = $_POST['to'];
$name    = $_POST['name'];
$email   = $_POST['email'];
$msg     = $_POST['msg'];
$msg     = "DE: " . $name . " (" . $email .")" . "\n\n" . $msg;

mail($to, $subject, $msg);

?>

请注意＆＃34;处理数据之前的代码行＆＃34;阻止来自this answer，我也尝试使用同一答案的第一部分中提供的更简单的解决方案 - 也在其他地方找到 - 甚至用特定的URL替换星号，但结果是相同的： （

任何帮助将不胜感激：）

更新：记录我在服务器端尝试的内容（从最旧版本到最新版本）：

// Allow from any origin
if (isset($_SERVER['HTTP_ORIGIN'])) {
    header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
    header('Access-Control-Allow-Credentials: true');
    header('Access-Control-Max-Age: 86400');    // cache for 1 day
}

// Access-Control headers are received during OPTIONS requests
if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {

    if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))
        header("Access-Control-Allow-Methods: GET, POST, OPTIONS");         

    if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']))
        header("Access-Control-Allow-Headers: {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");

    exit(0);
}

------------------------------------------

header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Methods: POST, OPTIONS");

-----------------------------------------

header("Access-Control-Allow-Origin: http://localhost:4000");
header("Access-Control-Allow-Methods: POST, OPTIONS");

-----------------------------------------

header("Access-Control-Allow-Origin: http://localhost:4000");
header("Access-Control-Allow-Methods: POST, OPTIONS, GET");

-----------------------------------------

if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
    if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']) && $_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD'] == 'POST') {
        header('Access-Control-Allow-Origin: *');
        header('Access-Control-Allow-Headers: X-Requested-With, content-type, access-control-allow-origin, access-control-allow-methods, access-control-allow-headers');
    }
    exit;
}

------------------------------------------

if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
    if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']) && $_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD'] == 'POST') {
        header('Access-Control-Allow-Origin: *');
        header('Access-Control-Allow-Headers: X-Requested-With, content-type, access-control-allow-origin, access-control-allow-methods, access-control-allow-headers');
    }
    exit;
}

// + sending headers though ajax

------------------------------------------

header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Headers: X-Requested-With, content-type, access-control-allow-origin, access-control-allow-methods, access-control-allow-headers');

-------------------------------------------

# created .htaccess file with this line:
Header set Access-Control-Allow-Origin "*" 

------------------------------------------

header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: POST, OPTIONS, GET');
header('Access-Control-Allow-Headers: X-Requested-With, content-type, access-control-allow-origin, access-control-allow-methods, access-control-allow-headers');

---------------------------------------------

header('Access-Control-Allow-Origin: http://localhost:4000');
header('Access-Control-Allow-Methods: POST, OPTIONS, GET');
header('Access-Control-Allow-Headers: X-Requested-With, content-type, access-control-allow-origin, access-control-allow-methods, access-control-allow-headers');

-----------------------------------------------

if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
  // return only the headers and not the content
  // only allow CORS if we're doing a POST - i.e. no saving for now.
  if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']) && $_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD'] == 'POST') {
    header('Access-Control-Allow-Origin: *');
    header('Access-Control-Allow-Headers: X-Requested-With');
  }
  exit;
}

--------------------------------------------------

header('Origin: http://localhost:4000');
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: POST, GET, OPTIONS');

有条件的信息

请求标题

POST / HTTP/1.1
Host: php-contact-form-lual.herokuapp.com
Connection: keep-alive
Content-Length: 88
Accept: */*
Origin: http://localhost:4000
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://localhost:4000/contacto/
Accept-Encoding: gzip, deflate, br
Accept-Language: es,en-GB;q=0.8,en;q=0.6,de;q=0.4

回复标题

HTTP/1.1 404 Not Found
Connection: keep-alive
Date: Sat, 17 Dec 2016 16:10:02 GMT
Server: Apache
Content-Length: 198
Content-Type: text/html; charset=iso-8859-1
Via: 1.1 vegur

Answer 1

我发现服务器返回 404错误。这表明您在index.php下的https://php-contact-form-lual.herokuapp.com/index.php文件中没有上面的 PHP 代码。

另外，请考虑您是否真的需要https。服务器是否也接受单http个请求，如果是，为什么不尝试在没有SSL的情况下使用它？

最后，您是否尝试使用jQuery $.ajax dataType: "jsonp"和JSON.stringify({}) $.ajax data的对象将数据作为JSON数据传递？

Answer 2

问题是404状态代码。它甚至没有达到你输入的代码。

1. 你有

   吗？

   $app->post('/', function() use($app) {
       // This is the route you need to edit.
   });
   

2. 您有路线的“何时”或其他条件？如果是，请暂时将其删除。

3. 您必须具有针对https的配置吗？我还注意到你在http（403）与https（404）上有不同的设置，默认情况下Heroku为http和https提供相同的代码，除非你在Silex的config中设置。

4. 一旦你开始工作（即不是404），你需要在响应的同时返回Access-Control-Allow-Origin标题（正如你在“我试过的”中所做的那样） “例子。之后有一个”退出“实际上会阻止返回的内容并不完全有用。（你需要在重定向/位置标题之后”退出“，但不是在这里）。

其他说明：

• 如果您正在尝试创建一个“简单”的PHP后端，为什么选择Heroku？你不是真的在编写PHP代码，而是编写Symphony，Silex，Twig以及所有其他意味着你在文档和库中过度使用的库。
• 当你使用Heroku时，有一个SwiftMailer接口（可以帮助你保证mail()安全！

Answer 3

我提出了一个非常简单的测试用例（假设有一些本地服务器或mac等）

文件1：site1 / index.php

<script src="https://code.jquery.com/jquery-3.1.1.min.js" integrity="sha256-hVVnYaiADRTO2PzUGmuLJr8BLUSjGIZsDYGmIJLv2b8=" crossorigin="anonymous"></script>
<script>
$
    .ajax({
        type: 'POST',
        url: 'http://127.0.0.1:7772',
        data: {
            subject: 'foo bar 123',
        }
    })
    .done(function(data) {
        alert(data);
    });
</script>
Site 1 - sending data

文件2：site2 / index.php

<?php

header('Access-Control-Allow-Origin: *');

echo "You posted " . $_POST['subject'];

启动两个本地“服务器”，如果你在Mac上，你可以执行以下操作：

cd ./site1/
php -S 127.0.0.1:7771

cd ../site2/
php -S 127.0.0.1:7772

现在转到127.0.0.1:7771，您应该会看到一个显示site2内容的警报。

现在注释掉网站2中的header行：

// header('Access-Control-Allow-Origin: *');

并刷新127.0.0.1:7771，你应该回到第一个方面，错误为：No 'Access-Control-Allow-Origin' header is present on the requested resource

“工作”响应/请求标头：

“不工作”回复/请求标题：

我强调您不应在生产网站中添加header('Access-Control-Allow-Origin: *');。但是你需要缩小问题的范围，这应该足以应对错误/错误配置的地方

Answer 4

有没有htaccess文件？

是的？

然后你可以试试这个吗？

int sub_board[3][3] = board[1][2];

不是吗？

您可以将此htaccess转换为php Header标记。此处转换示例 How to convert my htaccess code to php header