CORS header 'Access-Control-Allow-Origin' missing

问题:

I'm calling this function from my asp.net form and getting following error on firebug console while calling ajax.

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://anotherdomain/test.json. (Reason: CORS header 'Access-Control-Allow-Origin' missing).

var url= 'http://anotherdomain/test.json';         $.ajax({             url: url,             crossOrigin: true,             type: 'GET',             xhrFields: { withCredentials: true },             accept: 'application/json'         }).done(function (data) {             alert(data);                         }).fail(function (xhr, textStatus, error) {             var title, message;             switch (xhr.status) {                 case 403:                     title = xhr.responseJSON.errorSummary;                     message = 'Please login to your server before running the test.';                     break;                 default:                     title = 'Invalid URL or Cross-Origin Request Blocked';                     message = 'You must explictly add this site (' + window.location.origin + ') to the list of allowed websites in your server.';                     break;             }         }); 

I've done alternate way but still unable to find the solution.

Note: I've no server rights to make server side(API/URL) changes.

回答1:

This happens generally when you try access another domain's resources.

This is a security feature for avoiding everyone freely accessing any resources of that domain (which can be accessed for example to have an exact same copy of your website on a pirate domain).

When the code send the request, you shall have a "200 OK" response code in your browser console, which means that the resource is accessed, but it does not grant the right to share that resource. It does this by not allowing "Access-Control-Allow-Origin".

To change that, you have to write this in the .htaccess of the requested domain file (notyourdomain.com):

         Header set Access-Control-Allow-Origin "*"     

Another solution is to manually copy the file to your server/domain :)

Peace and code ;)

回答2:

in your ajax request, adding:

dataType: "jsonp", 

after line :

type: 'GET', 

should solve this problem ..

hope this help you

回答3:

You have to modify your server side code, as given below

public class CorsResponseFilter implements ContainerResponseFilter { @Override public void filter(ContainerRequestContext requestContext,   ContainerResponseContext responseContext)     throws IOException {         responseContext.getHeaders().add("Access-Control-Allow-Origin","*");         responseContext.getHeaders().add("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT");    } } 

回答4:

Your browser not allow your request .. you need to install addon your web browser

For Chrome: https://chrome.google.com/webstore/detail/allow-control-allow-origi/nlfbmbojpeacfghkpbjhddihlkkiljbi?hl=en

For Firefox https://addons.mozilla.org/en-US/firefox/addon/cors-everywhere/

文章来源: CORS header 'Access-Control-Allow-Origin' missing