<html>
<head>
<meta http-equiv="access-control-allow-origin" content="https://openapi.lechange.cn">
<script type="text/javascript" src="js/jquery-1.11.3.min.js"></script>
<script>
$.post('https://openapi.lechange.cn/openapi/accessToken',{"system":{"ver":"1.0","sign":"5326bdd79317a8cd215b649e75e042b6","appid":"lace1fdddaa5de4393","time":"1491895621","nonce":"49735441495760803893403522385895","appSecret":"6d5c2c727dbb4ba78fac5a0e9ece82"},"params":{"phone":"17691260000"},"id":"80"},function(data){console.log(data);},'json');
</script>
</head>
<body>
<a></a>
</body>
</html>
When running on Firefox, the following error message appears. Cross-origin request blocked: The same-origin policy prohibits reading the remote resource located at https://openapi.lechange.cn/o... (Cause: CORS header 'Access-Control-Allow-Origin' is missing).
The solution to searching online is to add a header to the requested page. This cannot be handled, and other methods cannot solve it. How to solve it?
天蓬老师2017-05-16 13:18:09
CORS generally does not need to be configured in the browser. The browser finds that this cross-origin AJAX request is a simple request, and automatically adds an Origin field to the header information. The Origin field is used to indicate which source (protocol) this request comes from. + domain name + port).
The server decides whether to agree to the request based on this value, which means that the server will have a whitelist indicating which sources are allowed, and Access-Control-Allow-Origin is included in the response header whitelist.
The browser finds that the header information of this response does not contain the Access-Control-Allow-Origin field, so it knows that something went wrong, and throws an error. That is, the prompt you encountered is that the return result was intercepted by the browser, and It’s not that the request cannot be sent.
So what you need is to configure this whitelist on the server, not change the page.
For the principle of CORS, you can refer to this article
For how to configure tomcat, you can read this document
仅有的幸福2017-05-16 13:18:09
Can you use jsonp across domains?
$.ajax({
url: 'https://openapi.lechange.cn/openapi/accessToken',
type: 'post',
dataType:'jsonp',
data: '{"system":{"ver":"1.0","sign":"5326bdd79317a8cd215b649e75e042b6","appid":"lace1fdddaa5de4393","time":"1491895621","nonce":"49735441495760803893403522385895","appSecret":"6d5c2c727dbb4ba78fac5a0e9ece82"},"params":{"phone":"17691260000"},"id":"80"}',
success:function(data){
console.log(data);
},
})
高洛峰2017-05-16 13:18:09
cors does not require front-end configuration, let your back-end engineers configure it on the server
淡淡烟草味2017-05-16 13:18:09
Paste the following code at the top of the server-side entry file
After going online, it is best to change the * in
Access-Control-Allow-Origin: *
to a specific domain name that allows access
header('Access-Control-Allow-Origin:*');
header('Access-Control-Allow-Methods:HEAD,GET,POST,OPTIONS,PATCH,PUT,DELETE');
header('Access-Control-Allow-Headers:Origin,X-Requested-With,Authorization,Content-Type,Accept,Z-Key');