在我的服务器上,.htaccess文件中包含以下内容:
Header set Access-Control-Allow-Origin "*"
我的PHP文件开头
<?php
header('Access-Control-Allow-Origin: *');
header("Content-Type: application/json; charset=UTF-8");
header('Access-Control-Allow-Methods: GET,POST,OPTIONS');
header('Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Access-Control-Allow-Origin');
header('Access-Control-Expose-Headers: X-Olaround-Debug-Mode, X-Olaround-Request-Start-Timestamp, X-Olaround-Request-End-Timestamp, X-Olaround-Request-Time, X-Olaround-Request-Method, X-Olaround-Request-Result, X-Olaround-Request-Endpoint');
如果直接在浏览器中访问服务器并检查标题,则可以确认“ Access-Control-Allow-Origin”设置为“ *”。
但是当我尝试从本地计算机向该服务器打开XMLHttpRequest时,会得到:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at . (Reason: CORS header 'Access-Control-Allow-Origin' missing).
如果我尝试使用旨在“测试cors”的网站并将它们指向我的网址,它们就会给我:
XHR status: 0
如果我尝试基于cURL的客户端,则它们可以正常工作。