由于withCredentials

时间:2017-07-05 07:12:08

标签: javascript php xmlhttprequest

我的脚本出现问题,我收到了一条错误消息,例如

  

XMLHttpRequest无法加载https://igoblogging.com/likebutton/。该   “访问控制 - 允许 - 来源”的价值'响应中的标题必须   不是通配符' *'当请求的凭据模式是   '包括&#39 ;.起源' http://nielinfo.com'因此是不允许的   访问。由...发起的请求的凭据模式   XMLHttpRequest由withCredentials属性控制。

我尝试从跨域加载Cookie。这是我的javascript代码

var xhr = new XMLHttpRequest();
xhr.open('POST', linkbased+'/likebutton/',true);
xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
xhr.withCredentials = true;
xhr.onreadystatechange = function () {
    if(this.readyState == 4 && this.status == 200) {
        if(document.getElementById("igblikebutton")){
            document.getElementById("igblikebutton").innerHTML = this.responseText;
        }
    }
}
xhr.send(data);

这是我的php脚本

header('Access-Control-Allow-Origin: http://nielinfo.com');
header('Access-Control-Allow-Methods: POST');
header('Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept');
header('Access-Control-Allow-Credentials: true');
echo $_COOKIE['username'];

以下是响应标题

Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Methods:POST
Access-Control-Allow-Origin:*
Cache-Control:max-age=604800
Content-Type:text/html; charset=utf-8
Date:Wed, 05 Jul 2017 07:09:04 GMT
Expires:Wed, 12 Jul 2017 07:09:04 GMT
Server:Apache/2.4.25 (CentOS)
Strict-Transport-Security:max-age=2592000; preload
Transfer-Encoding:chunked
Upgrade:h2
X-Content-Type-Options:nosniff
X-Frame-Options:SAMEORIGIN
X-Powered-By:PHP/5.4.45
X-Supported-By:Kloxo-MR 7.0
X-XSS-Protection:1;mode=block

这是请求标题

Accept:*/*
Accept-Encoding:gzip, deflate, br
Accept-Language:en-US,en;q=0.8
Connection:keep-alive
Content-Length:82
Content-type:application/x-www-form-urlencoded
Cookie:__cfduid=d239fe9b5de5b706676a60c112ccbd5d01497599052; _ga=GA1.2.91093954.1497599466; kloxo-clientname=admin; kloxo-classname=client; kloxo-session-id=L5b4xFTJphHH9kQN1AidVz6jpQw2QuazpkJd4TmW4E71fXMOPb; __atuvc=1%7C25; HstCfa3839354=1498146551883; HstCla3839354=1498146551883; HstCmu3839354=1498146551883; HstPn3839354=1; HstPt3839354=1; HstCnv3839354=1; HstCns3839354=1; username=flameblue59; ip=118.136.215.7; PHPSESSID=9614c4fcf759c74577837fdd5dad1c3f
Host:igoblogging.com
Origin:http://nielinfo.com
Referer:http://nielinfo.com/who-is-dullahan-the-headless-rider-who-will-terrified-you/
User-Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36

奇怪的是,当我删除xhr.withCredentials时。它的工作正常,但饼干不会加载。我认为这个问题是因为withCredentials的用法。我真的很感激这里的解决方案。非常感谢你。

0 个答案:

没有答案
相关问题
最新问题