我的xhr请求的资源仅在iframe中返回代码406
这是iframe内的脚本中的xhr代码:
if (window.XMLHttpRequest) {
// code for IE7+, Firefox, Chrome, Opera, Safari
xmlhttp12' . $orderID . '=new XMLHttpRequest();
} else { // code for IE6, IE5
xmlhttp12' . $orderID . '=new ActiveXObject("Microsoft.XMLHTTP");
}
xmlhttp12' . $orderID . '.onreadystatechange=function() {
if (this.readyState==4 && this.status==200) {
//Execute code here...
}
}
xmlhttp12' . $orderID . '.open("GET","../../scheduling/php/cron.php?error=true&name=' . $cname . '&id=' . $orderID . '&address=' . mysqli_real_escape_string($conn,str_replace("#","",$address)) . '&city=' . mysqli_real_escape_string($conn,$city) . '&state=' . $state . '&zip=' . $zip . '",true);
xmlhttp12' . $orderID . '.send();
以下是控制台中显示的“请求标头”:
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9,da;q=0.8,pt;q=0.7,fr;q=0.6,la;q=0.5
Cache-Control: no-cache
Connection: keep-alive
Cookie: PHPSESSID=f15733e5f59c258ae3a2d50640531810
Host: marketforceapp.com
Pragma: no-cache
Referer: http://marketforceapp.com/marketforce/scheduling/php/sync-
orders.php?dbName=mburton9_mf_allsteelcarports&xx=%3C? php%20echo%20rand();%20?%3E&fn=Mike%20Burton&edit_route=&schedule_state=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36
以下是控制台中显示的响应标题:
Connection: keep-alive
Content-Length: 226
Content-Type: text/html; charset=iso-8859-1
Date: Fri, 08 Feb 2019 16:42:05 GMT
Server: nginx/1.14.1
为完成这项工作,似乎需要设置Origin Header,但它似乎并没有自动设置。
如果尝试手动设置,则会出现错误:
Refused to set unsafe header
我需要弄清楚如何在iframe中使用此资源。有什么建议吗?
答案 0 :(得分:0)
据我了解,此iframe位于其他主机上的网站上,请尝试在您的cron.php标头Access-Control-Allow-Origin: *