问题描述
收到此错误消息:拒绝设置不安全的标头Origin"
使用此代码:
function getResponse() {
document.getElementById("_receivedMsgLabel").innerHTML += "getResponse() called.<br/>";
if (receiveReq.readyState == 4 || receiveReq.readyState == 0) {
receiveReq.open("GET", "http://L45723:1802", true, "server", "server123"); //must use L45723:1802 at work.
receiveReq.onreadystatechange = handleReceiveMessage;
receiveReq.setRequestHeader("Origin", "http://localhost/");
receiveReq.setRequestHeader("Access-Control-Request-Origin", "http://localhost");
receiveReq.timeout = 0;
var currentDate = new Date();
var sendMessage = JSON.stringify({
SendTimestamp: currentDate,
Message: "Message 1",
Browser: navigator.appName
});
receiveReq.send(sendMessage);
}
}
我做错了什么?为了使这个 CORS 请求正常工作,我在标头中遗漏了什么?
What am I doing wrong? What am I missing in the header to make this CORS request work?
我尝试删除 receiveReq.setRequestHeader("Origin", ...) 调用,但 Google Chrome 在我的 receiveReq.open() 调用中引发访问错误...
I tried removing the receiveReq.setRequestHeader("Origin", ...) call but then Google Chrome throws an access error on my receiveReq.open() call...
为什么?
推荐答案
这只是一个猜测,因为我使用 jquery 处理 ajax 请求,包括 CORS.
This is just a guess, as I use jquery for ajax requests, including CORS.
我认为浏览器应该设置标题,而不是你.如果您能够设置标题,那将破坏安全功能的目的.
I think the browser is supposed to set the header, not you. If you were able to set the header, that would defeat the purpose of the security feature.
在不设置这些标头的情况下尝试请求,看看浏览器是否为您设置了它们.
Try the request without setting those headers and see if the browser sets them for you.
这篇关于拒绝设置不安全的标头“Origin"使用谷歌浏览器的 xmlHttpRequest 时的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!
大气响应式网络建站服务公司织梦模板
高端大气html5设计公司网站源码
织梦dede网页模板下载素材销售下载站平台(带会员中心带筛选)
财税代理公司注册代理记账网站织梦模板(带手机端)
成人高考自考在职研究生教育机构网站源码(带手机端)
高端HTML5响应式企业集团通用类网站织梦模板(自适应手机端)