如何使用 Access-Control-Allow-Origin?它只是在 html head 标签之间吗?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/7015782/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How do I use Access-Control-Allow-Origin? Does it just go in between the html head tags?
提问by davis
I've been reading about Access-Control-Allow-Originbecause it seems effective at allowing cross domain requests since I have access to the external site. My question ism how do I use Access-Control-Allow-Originto allow cross domain requests. I tried this (don't laugh) (by the way all I want is for a single number, 1 or 0 to be returned)
我一直在阅读,Access-Control-Allow-Origin因为它在允许跨域请求方面似乎很有效,因为我可以访问外部站点。我的问题是如何使用Access-Control-Allow-Origin允许跨域请求。我试过了(别笑)(顺便说一下,我想要的是一个数字,返回 1 或 0)
<html>
<head>
Access-Control-Allow-Origin: *
</head>
<body>
1
</body>
</html>
Am I close? Thanks for your help. If there is an easier way to do a simple cross-domain request let me know.
我很亲近吗?谢谢你的帮助。如果有更简单的方法来执行简单的跨域请求,请告诉我。
采纳答案by Bryan Field
That is an HTTP header. You would configure your webserver or webapp to send this header ideally. Perhaps in htaccess or PHP.
那是一个 HTTP 标头。您将配置您的网络服务器或网络应用程序以理想地发送此标头。也许在 htaccess 或 PHP 中。
Alternatively you might be able to use
或者你可以使用
<head>...<meta http-equiv="Access-Control-Allow-Origin" content="*">...</head>
<head>...<meta http-equiv="Access-Control-Allow-Origin" content="*">...</head>
I do not know if that would work. Not all HTTP headers can be configured directly in the HTML.
我不知道这是否可行。并非所有 HTTP 标头都可以直接在 HTML 中配置。
This works as an alternative to many HTTP headers, but see @EricLaw's comment below. This particular header is different.
这可以作为许多 HTTP 标头的替代方案,但请参阅下面的@EricLaw评论。这个特定的标题是不同的。
Caveat
警告
This answer is strictly about how to set headers. I do not know anything about allowing cross domain requests.
这个答案严格关于如何设置标题。我对允许跨域请求一无所知。
About HTTP Headers
关于 HTTP 标头
Every request and response has headers. The browser sends this to the webserver
每个请求和响应都有标头。浏览器将此发送到网络服务器
GET /index.htm HTTP/1.1
Then the headers
然后是标题
Host: www.example.com
User-Agent: (Browser/OS name and version information)
.. Additional headers indicating supported compression types and content types and other info
Then the server sends a response
然后服务器发送响应
Content-type: text/html
Content-length: (number of bytes in file (optional))
Date: (server clock)
Server: (Webserver name and version information)
Additional headers can be configured for example Cache-Control, it all depends on your language (PHP, CGI, Java, htaccess) and webserver (Apache, etc).
例如Cache-Control,可以配置其他标头,这完全取决于您的语言(PHP、CGI、Java、htaccess)和网络服务器(Apache 等)。
回答by mbokil
There are 3 ways to allow cross domain origin (excluding jsonp):
有 3 种方法可以允许跨域来源(不包括jsonp):
1) Set the header in the page directly using a templating language like PHP. Keep in mind there can be no HTML before your header or it will fail.
1)直接使用PHP等模板语言在页面中设置页眉。请记住,标题前不能有 HTML,否则会失败。
<?php header("Access-Control-Allow-Origin: http://example.com"); ?>
2) Modify the server configuration file (apache.conf) and add this line. Note that "*"represents allow all. Some systems might also need the credential set. In general allow all access is a security risk and should be avoided:
2) 修改服务器配置文件 ( apache.conf) 并添加这一行。请注意,"*"代表允许所有。某些系统可能还需要凭据集。一般来说,允许所有访问是一种安全风险,应该避免:
Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Allow-Credentials true
3) To allow multiple domains on Apache web servers add the following to your config file
3) 要允许 Apache Web 服务器上的多个域,请将以下内容添加到您的配置文件中
<IfModule mod_headers.c>
SetEnvIf Origin "http(s)?://(www\.)?(example.org|example.com)$" AccessControlAllowOrigin=open -a Google\ Chrome --args --disable-web-security --user-data-dir
Header add Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
Header set Access-Control-Allow-Credentials true
</IfModule>
4) For development use only hack your browser and allow unlimited CORS using the Chrome Allow-Control-Allow-Origin extension
4) 对于开发用途,仅使用 Chrome Allow-Control-Allow-Origin 扩展来破解您的浏览器并允许无限制的 CORS
5) Disable CORS in Chrome: Quit Chrome completely. Open a terminal and execute the following. Just be cautious you are disabling web security:
5) 在 Chrome 中禁用 CORS:完全退出 Chrome。打开终端并执行以下操作。请小心您禁用网络安全:
@CrossOrigin(origins = "*")
回答by Laurent
If you use Java and spring MVC you just need to add the following annotation to your method returning your page :
如果您使用 Java 和 spring MVC,您只需要在返回页面的方法中添加以下注释:
<?php header("Access-Control-Allow-Origin: http://example.com"); ?>
"*" is to allow your page to be accessible from anywhere. See https://developer.mozilla.org/fr/docs/Web/HTTP/Headers/Access-Control-Allow-Originfor more details about that.
“*”是为了让您的页面可以从任何地方访问。有关更多详细信息,请参阅https://developer.mozilla.org/fr/docs/Web/HTTP/Headers/Access-Control-Allow-Origin。
回答by Jakub Ujvvary
This command disables only first console warning info
此命令仅禁用第一个控制台警告信息
Result: console result
结果: 控制台结果
