javascript - CORS header missing 'Access-Control-Allow-Origin' how to solve?

Question

<html>
    <head>
        <meta http-equiv="access-control-allow-origin" content="https://openapi.lechange.cn">
        <script type="text/javascript" src="js/jquery-1.11.3.min.js"></script>
        <script>
            $.post('https://openapi.lechange.cn/openapi/accessToken',{"system":{"ver":"1.0","sign":"5326bdd79317a8cd215b649e75e042b6","appid":"lace1fdddaa5de4393","time":"1491895621","nonce":"49735441495760803893403522385895","appSecret":"6d5c2c727dbb4ba78fac5a0e9ece82"},"params":{"phone":"17691260000"},"id":"80"},function(data){console.log(data);},'json');
        </script>
    </head>
    <body>
        <a></a>
    </body>
</html>

When running on Firefox, the following error message appears. Cross-origin request blocked: The same-origin policy prohibits reading the remote resource located at https://openapi.lechange.cn/o... (Cause: CORS header 'Access-Control-Allow-Origin' is missing).
The solution to searching online is to add a header to the requested page. This cannot be handled, and other methods cannot solve it. How to solve it?

Answer 1

CORS generally does not need to be configured in the browser. The browser finds that this cross-origin AJAX request is a simple request, and automatically adds an Origin field to the header information. The Origin field is used to indicate which source (protocol) this request comes from. + domain name + port).
The server decides whether to agree to the request based on this value, which means that the server will have a whitelist indicating which sources are allowed, and Access-Control-Allow-Origin is included in the response header whitelist.
The browser finds that the header information of this response does not contain the Access-Control-Allow-Origin field, so it knows that something went wrong, and throws an error. That is, the prompt you encountered is that the return result was intercepted by the browser, and It’s not that the request cannot be sent.

So what you need is to configure this whitelist on the server, not change the page.

For the principle of CORS, you can refer to this article
For how to configure tomcat, you can read this document

Answer 2

Can you use jsonp across domains?

$.ajax({
    url: 'https://openapi.lechange.cn/openapi/accessToken',
    type: 'post',
    dataType:'jsonp',
    data: '{"system":{"ver":"1.0","sign":"5326bdd79317a8cd215b649e75e042b6","appid":"lace1fdddaa5de4393","time":"1491895621","nonce":"49735441495760803893403522385895","appSecret":"6d5c2c727dbb4ba78fac5a0e9ece82"},"params":{"phone":"17691260000"},"id":"80"}',
    success:function(data){
       console.log(data);
     },
})

Answer 3

cors does not require front-end configuration, let your back-end engineers configure it on the server

Answer 4

Nginx add header support

Answer 5

Use node or python to write a crawler relay or add a proxy

Answer 6

Paste the following code at the top of the server-side entry file

After going online, it is best to change the * in Access-Control-Allow-Origin: * to a specific domain name that allows access

header('Access-Control-Allow-Origin:*');
header('Access-Control-Allow-Methods:HEAD,GET,POST,OPTIONS,PATCH,PUT,DELETE');
header('Access-Control-Allow-Headers:Origin,X-Requested-With,Authorization,Content-Type,Accept,Z-Key');