【发布时间】:2016-03-30 02:26:52
【问题描述】:
我尝试从我的角度登录服务发布:
$http.post('https://xyz/login',
{
headers: {
'Content-type': 'application/json',
'Accept': 'application/json',
'signature': 'asd'
}
我得到这个错误:
XMLHttpRequest cannot load https://xyz/login. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:1337' is therefore not allowed access.
我试过这个标题:
$httpProvider.defaults.useXDomain = true;
delete $httpProvider.defaults.headers.common['X-Requested-With'];
还有这些:
"Access-Control-Allow-Origin": "*";
"Access-Control-Allow-Headers": "X-Requested-With";
"Access-Control-Allow-Methods": "GET, POST", "PUT", "DELETE";
有趣的是,POSTMAN 可以工作。 我该怎么办?
谢谢。
【问题讨论】:
-
您的服务器上是否启用了 CORS?详情请参考enable-cors.org
-
嘿。这不是我的服务器,而是外部服务。我猜 cors 已启用,因为我可以得到 POSTMAN 的响应
-
POSTMAN 不运行正常的 Web 上下文并且不受同源策略的约束。见How does Same Origin Policy apply to browser extensions?
标签: javascript angularjs cross-domain cors access-control