看了看网上关于CROS的,大概明白非简单请求的流程。先Options请求,然后协商成功后,在正式请求。
怎么搞都搞不定。。。做一次伸手党了我是在header里自定义了两个值做校验。
浏览器就报下面的跨域问题。。。
已拦截跨源请求:同源策略禁止读取位于 http://111.231.56.227:12084/monitor/detailMission 的远程资源。(原因:来自 CORS 预检通道的 CORS 头 'Access-Control-Allow-Headers' 的令牌 'appid' 无效)。
JS代码
var form = new FormData();
form.append("mission_id", "245d14793c0e4f4fa936755cd558841a");
var settings = {
"async": true,
"crossDomain": true,
"url": "http://111.231.56.227:12084/monitor/detailMission",
"method": "POST",
"headers": {
"appId": "0000815",
"appSecret": "cbd88ab8822fa",
},
"processData": false,
"contentType": false,
"mimeType": "multipart/form-data",
"data": form
};
$.ajax(settings).done(function (response) {
console.log(response);
});
PHP Action
header('Content-type: application/json');
header('Access-Control-Allow-Origin:*');
if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS'){
header('Access-Control-Allow-Methods:POST');
header('Access-Control-Allow-Headers:*');
header('Access-Control-Mas-Age:3600');
$this->returnSuccess();
}
$this->checkAppIdAndSecret();
$id = $this->getPost('mission_id');
大家说headers不能用*,因此改了一下
header("Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, appid, appSecret");
Methods也加上OPTIOHS,GET,PUT啥的了换了个报错
4 回答
慕勒3428872
TA贡献1848条经验 获得超6个赞
Support for wildcards in the Access-Control-Allow-Headers header was added to the living standard only in May 2016, so it may not be supported by all browsers.
Access-Control-Allow-Headers不接受通配符。
cors-access-control-allow-headers-wildcard-being-ignored
补充
注意拼写错误,响应允许的是appSecert,请求发送的是appSecret。
天涯尽头无女友
TA贡献1831条经验 获得超9个赞
你后端header 没有允许 appid, appSecret。
PHP 添加
header("Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, appid, appSecret");
- 4 回答
- 0 关注
- 1001 浏览
添加回答
举报
0/150
提交
取消