【问题标题】:Request header field Access-Control-Allow-Origin is not allowed请求头域 Access-Control-Allow-Origin 是不允许的
【发布时间】:2016-10-22 08:46:13
【问题描述】:

我正在使用PHP 开发RESTFul API。例如,以下代码适用于这些 API:

<?php

    require('includes/config.php');  

        $data = array();

        try {
                $stmt = $db->query('SELECT postID, postTitle, postDesc, postDate,tags FROM blog_posts where inMain=inMain ORDER BY postID DESC  LIMIT 5');
                $error = false;
                $message = "ok";
                $i=0;
                while($row = $stmt->fetch()){

                    $tags = explode(",",$row['tags']);  
                    $finalTags = array();           
                    foreach($tags as $item) {
                        if($item != '' && $item != ' '){
                            array_push($finalTags,strtolower(trim($item)));
                        }
                    }   

                    array_push($data, [
                      'id'   => $row['postID'],
                      'title' => $row['postTitle'],
                      'desc' => $row['postDesc'],
                      'date' => $row['postDate'],
                      'tags' => $finalTags
                    ]);

                }
            } catch(PDOException $e) {
                $message = $e->getMessage();
                $error = true;
            }
    $response = array();
    $response["data"] = $data;
    $response["error"] = $error;
    $response["message"] = $message;

header('Access-Control-Allow-Origin: *');  
header('Access-Control-Allow-Credentials: true');
header('Access-Control-Allow-Methods: GET,HEAD,OPTIONS,POST,PUT');
header('Access-Control-Allow-Headers: Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers');
header('Content-Type: application/json');

echo json_encode($response);
?>

从浏览器调用这个 API 可以正常工作。但是当我从 JavaScript 调用它时,我收到以下错误:

XMLHttpRequest cannot load http://www.example.com/api/v1/getPostsInMain.php. Request header field Access-Control-Allow-Origin is not allowed by Access-Control-Allow-Headers in preflight response.

我正在尝试从 AngularJs 调用此 API,如下所示:

app.factory("Data", ['$http', 'toaster',
    function ($http, toaster) { // This service connects to our REST API

        var serviceBase = 'http://www.example/v1/';
        var conf= { headers:  {
            'Access-Control-Allow-Origin':'*',
            'Access-Control-Allow-Methods': 'GET, POST, PATCH, PUT, DELETE, OPTIONS',
            'Access-Control-Allow-Headers': 'Origin, Content-Type, X-Auth-Token',
            'Content-Type': 'application/json'
         }
        };

        var obj = {};
        obj.toast = function (data) {

            toaster.pop(data.status, "", data.message, 10000, 'trustedHtml');
        }
        obj.get = function (q) {
            return $http.get(serviceBase + q,conf).then(function (results) {
                return results.data;
            });
        };
        obj.post = function (q, object) {
              return $http.post(serviceBase + q, object, conf).then(function (results) {
                return results.data;
            });
        };
        return obj;
}]);

这里有什么问题?因为您可以在请求和响应中设置所需的标头?是否与托管我使用有关?

【问题讨论】:

    标签: php angularjs json api access-control


    【解决方案1】:

    服务器(PHP)也需要允许 CORS。将以下标头添加到 PHP 脚本的开头:

    header("Access-Control-Allow-Origin: *");
    

    【讨论】:

    • 标头必须在从服务器发送任何输出之前。所以,它应该在 require('includes/config.php') 之前。
    猜你喜欢
    • 2016-08-03
    • 2013-12-09
    • 2013-11-23
    • 2015-06-17
    • 2013-09-09
    • 2012-03-08
    • 2016-04-24
    • 2012-06-07
    相关资源
    最近更新 更多