search

Home  >  Q&A  >  body text

javascript - CORS header missing 'Access-Control-Allow-Origin' how to solve?

<html>
    <head>
        <meta http-equiv="access-control-allow-origin" content="https://openapi.lechange.cn">
        <script type="text/javascript" src="js/jquery-1.11.3.min.js"></script>
        <script>
            $.post('https://openapi.lechange.cn/openapi/accessToken',{"system":{"ver":"1.0","sign":"5326bdd79317a8cd215b649e75e042b6","appid":"lace1fdddaa5de4393","time":"1491895621","nonce":"49735441495760803893403522385895","appSecret":"6d5c2c727dbb4ba78fac5a0e9ece82"},"params":{"phone":"17691260000"},"id":"80"},function(data){console.log(data);},'json');
        </script>
    </head>
    <body>
        <a></a>
    </body>
</html>

When running on Firefox, the following error message appears. Cross-origin request blocked: The same-origin policy prohibits reading the remote resource located at https://openapi.lechange.cn/o... (Cause: CORS header 'Access-Control-Allow-Origin' is missing).
The solution to searching online is to add a header to the requested page. This cannot be handled, and other methods cannot solve it. How to solve it?

黄舟黄舟2739 days ago2191

reply all(6)I'll reply

  • 天蓬老师

    天蓬老师2017-05-16 13:18:09

    CORS generally does not need to be configured in the browser. The browser finds that this cross-origin AJAX request is a simple request, and automatically adds an Origin field to the header information. The Origin field is used to indicate which source (protocol) this request comes from. + domain name + port).
    The server decides whether to agree to the request based on this value, which means that the server will have a whitelist indicating which sources are allowed, and Access-Control-Allow-Origin is included in the response header whitelist.
    The browser finds that the header information of this response does not contain the Access-Control-Allow-Origin field, so it knows that something went wrong, and throws an error. That is, the prompt you encountered is that the return result was intercepted by the browser, and It’s not that the request cannot be sent.

    So what you need is to configure this whitelist on the server, not change the page.

    For the principle of CORS, you can refer to this article
    For how to configure tomcat, you can read this document

    reply
    0
  • 仅有的幸福

    仅有的幸福2017-05-16 13:18:09

    Can you use jsonp across domains?

    $.ajax({
        url: 'https://openapi.lechange.cn/openapi/accessToken',
        type: 'post',
        dataType:'jsonp',
        data: '{"system":{"ver":"1.0","sign":"5326bdd79317a8cd215b649e75e042b6","appid":"lace1fdddaa5de4393","time":"1491895621","nonce":"49735441495760803893403522385895","appSecret":"6d5c2c727dbb4ba78fac5a0e9ece82"},"params":{"phone":"17691260000"},"id":"80"}',
        success:function(data){
           console.log(data);
         },
    })

    reply
    0
  • 高洛峰

    高洛峰2017-05-16 13:18:09

    cors does not require front-end configuration, let your back-end engineers configure it on the server

    reply
    0
  • 高洛峰

    高洛峰2017-05-16 13:18:09

    Nginx add header support

    reply
    0
  • ringa_lee

    ringa_lee2017-05-16 13:18:09

    Use node or python to write a crawler relay or add a proxy

    reply
    0
  • 淡淡烟草味

    淡淡烟草味2017-05-16 13:18:09

    Paste the following code at the top of the server-side entry file

    After going online, it is best to change the * in Access-Control-Allow-Origin: * to a specific domain name that allows access

    header('Access-Control-Allow-Origin:*');
    header('Access-Control-Allow-Methods:HEAD,GET,POST,OPTIONS,PATCH,PUT,DELETE');
    header('Access-Control-Allow-Headers:Origin,X-Requested-With,Authorization,Content-Type,Accept,Z-Key');

    reply
    0
  • Cancelreply