javascript - Access-Control-Allow-Origin不允许起源(Origin is not allowed by Access-Control-Allow-Origin)

Question

I'm making an Ajax.request to a remote PHP server in a Sencha Touch 2 application (wrapped in PhoneGap ).

(我在Sencha Touch 2应用程序（包装在PhoneGap中 ）中向远程PHP服务器发出Ajax.request 。)

The response from the server is the following:

(服务器的响应如下：)

XMLHttpRequest cannot load http://nqatalog.negroesquisso.pt/login.php .

(XMLHttpRequest无法加载http://nqatalog.negroesquisso.pt/login.php 。)

Origin http://localhost:8888 is not allowed by Access-Control-Allow-Origin.

(Access-Control-Allow-Origin不允许使用来源http://localhost:8888 。)

How can I fix this problem?

(我该如何解决这个问题？)

  ask by Ricardo translate from so

Answer 1

I wrote an article on this issue a while back, Cross Domain AJAX .

(不久前，我写了一篇有关此问题的文章Cross Domain AJAX 。)

The easiest way to handle this if you have control of the responding server is to add a response header for:

(如果您控制响应服务器，最简单的方法是为以下项添加响应标头：)

Access-Control-Allow-Origin: *

This will allow cross-domain Ajax .

(这将允许跨域Ajax 。)

In PHP, you'll want to modify the response like so:

(在PHP中，您将需要像这样修改响应：)

<?php header('Access-Control-Allow-Origin: *'); ?>

You can just put the Header set Access-Control-Allow-Origin * setting in the Apache configuration or htaccess file.

(您可以将Header set Access-Control-Allow-Origin *设置放入Apache配置或htaccess文件中。)

It should be noted that this effectively disables CORS protection, which very likely exposes your users to attack .

(应该注意的是，这有效地禁用了CORS保护，这很可能使您的用户受到攻击 。)

If you don't know that you specifically need to use a wildcard, you should not use it, and instead you should whitelist your specific domain:

(如果您不知道自己是否特别需要使用通配符，则不要使用它，而应该将特定域列入白名单：)

<?php header('Access-Control-Allow-Origin: http://example.com') ?>