Cross-Origin Request Blocked

问题:

So I've got this Go http handler that stores some POST content into the datastore and retrieves some other info in response. On the back-end I use:

func handleMessageQueue(w http.ResponseWriter, r *http.Request) {     w.Header().Set("Access-Control-Allow-Origin", "*")     if r.Method == "POST" {          c := appengine.NewContext(r)          body, _ := ioutil.ReadAll(r.Body)          auth := string(body[:])         r.Body.Close()         q := datastore.NewQuery("Message").Order("-Date")          var msg []Message         key, err := q.GetAll(c, &msg)          if err != nil {             c.Errorf("fetching msg: %v", err)             return         }          w.Header().Set("Content-Type", "application/json")         jsonMsg, err := json.Marshal(msg)         msgstr := string(jsonMsg)         fmt.Fprint(w, msgstr)         return     } } 

In my firefox OS app I use:

var message = "content";  request = new XMLHttpRequest(); request.open('POST', 'http://localhost:8080/msgs', true);  request.onload = function () {     if (request.status >= 200 && request.status 

The incoming part all works along and such. However, my response is getting blocked. Giving me the following message:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:8080/msgs. This can be fixed by moving the resource to the same domain or enabling CORS. 

I tried a lot of other things but there is no way I can just get a response from the server. However when I change my Go POST method into GET and access the page through the browser I get the data that I want so bad. I can't really decide which side goes wrong and why: it might be that Go shouldn't block these kinds of requests, but it also might be that my javascript is illegal.

回答1:

@Egidius, when creating an XMLHttpRequest, you should use

var xhr = new XMLHttpRequest({mozSystem: true}); 

What is mozSystem?

mozSystem Boolean: Setting this flag to true allows making cross-site connections without requiring the server to opt-in using CORS. Requires setting mozAnon: true, i.e. this can't be combined with sending cookies or other user credentials. This only works in privileged (reviewed) apps; it does not work on arbitrary webpages loaded in Firefox.

Changes to your Manifest

On your manifest, do not forget to include this line on your permissions:

"permissions": {        "systemXHR" : {}, } 

回答2:

ERROR : Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at the url. This can be fixed by moving the resource to the same domain or enabling CORS. 

Solution :

i found solution cross-origin request bolcked "solved"

if you are working on web project and want to get data from different site , Sometime you get such type of error then you have to use use htaccess file in root folder of the serving server (not the receiving server)

update code

     Header set Access-Control-Allow-Origin "*"   

if you are a wordpress developer then update following code :

# BEGIN WordPress  RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L]      Header set Access-Control-Allow-Origin "*"     # END WordPress  

thanks :) happy coding :

回答3:

You need other headers, not only access-control-allow-origin. If your request have the "Access-Control-Allow-Origin" header, you must copy it into the response headers, If doesn't, you must check the "Origin" header and copy it into the response. If your request doesn't have Access-Control-Allow-Origin not Origin headers, you must return "*".

You can read the complete explanation here: http://www.html5rocks.com/en/tutorials/cors/#toc-adding-cors-support-to-the-server

and this is the function I'm using to write cross domain headers:

func writeCrossDomainHeaders(w http.ResponseWriter, req *http.Request) {     // Cross domain headers     if acrh, ok := req.Header["Access-Control-Request-Headers"]; ok {         w.Header().Set("Access-Control-Allow-Headers", acrh[0])     }     w.Header().Set("Access-Control-Allow-Credentials", "True")     if acao, ok := req.Header["Access-Control-Allow-Origin"]; ok {         w.Header().Set("Access-Control-Allow-Origin", acao[0])     } else {         if _, oko := req.Header["Origin"]; oko {             w.Header().Set("Access-Control-Allow-Origin", req.Header["Origin"][0])         } else {             w.Header().Set("Access-Control-Allow-Origin", "*")         }     }     w.Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE")     w.Header().Set("Connection", "Close")  } 

文章来源: Cross-Origin Request Blocked