\n\n\n\n

\u5bfc\u8bfb<\/td>\n

\u200b \u5728 HTML \u4e2d\uff0c<a><\/code>, <form><\/code>, <img><\/code>, <script><\/code>, <iframe><\/code>, <link><\/code> \u7b49\u6807\u7b7e\u4ee5\u53ca Ajax \u90fd\u53ef\u4ee5\u6307\u5411\u4e00\u4e2a\u8d44\u6e90\u5730\u5740\uff0c\u800c\u6240\u8c13\u7684\u8de8\u57df\u8bf7\u6c42<\/strong>\u5c31\u662f\u6307\uff1a\u5f53\u524d\u53d1\u8d77\u8bf7\u6c42\u7684\u57df\u4e0e\u8be5\u8bf7\u6c42\u6307\u5411\u7684\u8d44\u6e90\u6240\u5728\u7684\u57df\u4e0d\u4e00\u6837\u3002\u8fd9\u91cc\u7684\u57df\u6307\u7684\u662f\u8fd9\u6837\u7684\u4e00\u4e2a\u6982\u5ff5\uff1a\u6211\u4eec\u8ba4\u4e3a\u82e5\u534f\u8bae + \u57df\u540d + \u7aef\u53e3\u53f7\u5747\u76f8\u540c\uff0c\u90a3\u4e48\u5c31\u662f\u540c\u57df\u3002<\/strong><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n\u90a3NGINX\u5982\u4f55\u914d\u7f6e\u8de8\u57df\u8bf7\u6c42\uff0c\u8de8\u57df\u8bf7\u6c42\u5931\u8d25\u65f6\u62a5\u9519:\u00a0 \n403 No 'Access-Control-Allow-Origin' header is present on the requested resource<\/code> \n<\/p>\n nginx \u914d\u7f6e<\/strong><\/div>\n<\/strong><\/p>\n \u6bd4\u5982\u8bf7\u6c42\u7684\u63a5\u53e3\u662f:\u00a0http:\/\/www.test.com\/exchangeApi\/xxxx<\/p>\n server {\r\n listen 80<\/span>;\r\n server_name test.com www.test.com;\r\n root \/data\/web\/homepage;\r\n index index.html;\r\n\r\n location \/ {\r\n \r\n }\r\n\r\n location ~ \/exchangeApi\/ {\r\n add_header Access-Control-Allow-Origin *;\r\n add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS'<\/span>;\r\n add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization'<\/span>;\r\n\r\n if<\/span> ($request_method = 'OPTIONS'<\/span>) {\r\n return<\/span> 204<\/span>;\r\n }\r\n\r\n ....\r\n }\r\n}\r\n<\/code><\/pre>\n\u8fd9\u6837\u5373\u53ef\u914d\u7f6e\u5b8c\u6210\u5bf9\u4e8e \/exchangeApi\/ \u8fd9\u4e2a\u8d44\u6e90\u8bf7\u6c42\u7684\u8de8\u57df\u8bf7\u6c42.<\/p>\n \u5bf9\u4e8e\u8de8\u57df\u5934\u90e8\u7684\u89e3\u91ca <\/strong><\/div>\nAccess-Control-Allow-Origin<\/strong><\/p>\n \u670d\u52a1\u5668\u9ed8\u8ba4\u662f\u4e0d\u88ab\u5141\u8bb8\u8de8\u57df\u7684\u3002\u7ed9Nginx\u670d\u52a1\u5668\u914d\u7f6eAccess-Control-Allow-Origin *<\/code>\u540e\uff0c\u8868\u793a\u670d\u52a1\u5668\u53ef\u4ee5\u63a5\u53d7\u6240\u6709\u7684\u8bf7\u6c42\u6e90\uff08Origin\uff09,\u5373\u63a5\u53d7\u6240\u6709\u8de8\u57df\u7684\u8bf7\u6c42\u3002<\/p>\n Access-Control-Allow-Headers<\/strong><\/p>\n \u662f\u4e3a\u4e86\u9632\u6b62\u51fa\u73b0\u4ee5\u4e0b\u9519\u8bef\uff1a<\/p>\n Request header field Content-Type is not allowed by Access-Control-Allow-Headers in preflight response.<\/code><\/p>\n \u8fd9\u4e2a\u9519\u8bef\u8868\u793a\u5f53\u524d\u8bf7\u6c42Content-Type\u7684\u503c\u4e0d\u88ab\u652f\u6301\u3002\u5176\u5b9e\u662f\u6211\u4eec\u53d1\u8d77\u4e86\"application\/json\"\u7684\u7c7b\u578b\u8bf7\u6c42\u5bfc\u81f4\u7684\u3002<\/p>\n Access-Control-Allow-Methods<\/strong><\/p>\n \u662f\u4e3a\u4e86\u9632\u6b62\u51fa\u73b0\u4ee5\u4e0b\u9519\u8bef\uff1a<\/p>\n Content-Type is not allowed by Access-Control-Allow-Headers in preflight response.<\/code><\/p>\n return 204<\/strong><\/p>\n \u7ed9OPTIONS \u6dfb\u52a0 204\u7684\u8fd4\u56de\uff0c\u662f\u4e3a\u4e86\u5904\u7406\u5728\u53d1\u9001POST\u8bf7\u6c42\u65f6Nginx\u4f9d\u7136\u62d2\u7edd\u8bbf\u95ee\u7684\u9519\u8bef. \u53d1\u9001\"\u9884\u68c0\u8bf7\u6c42\"\u65f6\uff0c\u9700\u8981\u7528\u5230\u65b9\u6cd5 OPTIONS ,\u6240\u4ee5\u670d\u52a1\u5668\u9700\u8981\u5141\u8bb8\u8be5\u65b9\u6cd5\u3002<\/p>\n \u9884\u68c0\u8bf7\u6c42( preflight request) <\/strong><\/div>\nCROS (Cross-origin resource sharing): \u5168\u79f0\u662f\u8de8\u57df\u8d44\u6e90\u5171\u4eab, \u53ef\u4ee5\u89e3\u51b3\u8de8\u57df\u8bf7\u6c42\u7684\u95ee\u9898.<\/p>\n CORS \u6807\u51c6\u65b0\u589e\u4e86\u4e00\u7ec4 HTTP \u9996\u90e8\u5b57\u6bb5\uff0c\u5141\u8bb8\u670d\u52a1\u5668\u58f0\u660e\u54ea\u4e9b\u6e90\u7ad9\u6709\u6743\u9650\u8bbf\u95ee\u54ea\u4e9b\u8d44\u6e90\u3002<\/p>\n \u89c4\u8303\u8981\u6c42\uff0c\u5bf9\u90a3\u4e9b\u53ef\u80fd\u5bf9\u670d\u52a1\u5668\u6570\u636e\u4ea7\u751f\u526f\u4f5c\u7528\u7684HTTP \u8bf7\u6c42\u65b9\u6cd5, \u7279\u522b\u662f GET \u4ee5\u5916\u7684 HTTP \u8bf7\u6c42\uff0c\u6216\u8005\u642d\u914d\u67d0\u4e9b MIME \u7c7b\u578b\u7684 POST \u8bf7\u6c42\uff0c\u6d4f\u89c8\u5668\u5fc5\u987b\u9996\u5148\u4f7f\u7528\u00a0OPTIONS<\/strong>\u00a0\u65b9\u6cd5\u53d1\u8d77\u4e00\u4e2a\u9884\u68c0\u8bf7\u6c42\uff08preflight request\uff09\uff0c\u4ece\u800c\u83b7\u77e5\u670d\u52a1\u7aef\u662f\u5426\u5141\u8bb8\u8be5\u8de8\u57df\u8bf7\u6c42\u3002\u670d\u52a1\u5668\u786e\u8ba4\u5141\u8bb8\u4e4b\u540e\uff0c\u624d\u53d1\u8d77\u5b9e\u9645\u7684 HTTP \u8bf7\u6c42\u3002\u5728\u9884\u68c0\u8bf7\u6c42\u7684\u8fd4\u56de\u4e2d\uff0c\u670d\u52a1\u5668\u7aef\u4e5f\u53ef\u4ee5\u901a\u77e5\u5ba2\u6237\u7aef\uff0c\u662f\u5426\u9700\u8981\u643a\u5e26\u8eab\u4efd\u51ed\u8bc1\uff08\u5305\u62ec Cookies \u548c HTTP \u8ba4\u8bc1\u76f8\u5173\u6570\u636e\uff09.<\/p>\n Content-Type \u5b57\u6bb5\u7684\u7c7b\u578b\u4e3a\u00a0application\/json<\/code>\u00a0\u7684\u8bf7\u6c42\u5c31\u662f\u4e0a\u9762\u6240\u8bf4\u7684\u642d\u914d\u67d0\u4e9b MIME \u7c7b\u578b\u7684 POST \u8bf7\u6c42. CORS\u89c4\u5b9a\uff0cContent-Type\u4e0d\u5c5e\u4e8e\u4ee5\u4e0bMIME\u7c7b\u578b\u7684\uff0c\u90fd\u5c5e\u4e8e\u9884\u68c0\u8bf7\u6c42\uff1a<\/p>\n application\/x-www-form-urlencoded\r\nmultipart\/form-data\r\ntext\/plain\r\n<\/code><\/pre>\n\u6240\u4ee5\u00a0application\/json<\/code>\u00a0\u7684\u8bf7\u6c42\u4f1a\u5728\u6b63\u5f0f\u901a\u4fe1\u4e4b\u524d\uff0c\u589e\u52a0\u4e00\u6b21\"\u9884\u68c0\"\u8bf7\u6c42\uff0c\u8fd9\u6b21\"\u9884\u68c0\"\u8bf7\u6c42\u4f1a\u5e26\u4e0a\u5934\u90e8\u4fe1\u606f\u00a0Access-Control-Request-Headers: Content-Type<\/code>\u00a0\uff1a<\/p>\n OPTIONS \/api\/test HTTP\/1.1\r\nOrigin: http:\/\/foo.example\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: Content-Type\r\n...\r\n<\/code><\/pre>\n\u670d\u52a1\u5668\u56de\u5e94\u65f6\uff0c\u8fd4\u56de\u7684\u5934\u90e8\u4fe1\u606f\u5982\u679c\u4e0d\u5305\u542bAccess-Control-Request-Headers: Content-Type\u5219\u8868\u793a\u4e0d\u63a5\u53d7\u975e\u9ed8\u8ba4\u7684\u7684Content-Type\u3002\u5373\u51fa\u73b0\u4ee5\u4e0b\u9519\u8bef\uff1a<\/p>\n Request header field Content-Type is not allowed by Access-Control-Allow-Headers in preflight response.<\/code><\/p>\n","protected":false},"excerpt":{"rendered":" \u90a3NGINX\u5982\u4f55\u914d\u7f6e\u8de8\u57df\u8bf7\u6c42\uff0c\u8de8\u57df\u8bf7\u6c42\u5931\u8d25\u65f6\u62a5\u9519:\u00a0 403 No ‘Access-Control-Allow […]<\/p>\n","protected":false},"author":643,"featured_media":205482,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[55],"tags":[],"class_list":["post-205472","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-thread"],"acf":[],"_links":{"self":[{"href":"https:\/\/gulass.cn\/wp-json\/wp\/v2\/posts\/205472","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/gulass.cn\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/gulass.cn\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/gulass.cn\/wp-json\/wp\/v2\/users\/643"}],"replies":[{"embeddable":true,"href":"https:\/\/gulass.cn\/wp-json\/wp\/v2\/comments?post=205472"}],"version-history":[{"count":10,"href":"https:\/\/gulass.cn\/wp-json\/wp\/v2\/posts\/205472\/revisions"}],"predecessor-version":[{"id":205584,"href":"https:\/\/gulass.cn\/wp-json\/wp\/v2\/posts\/205472\/revisions\/205584"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/gulass.cn\/wp-json\/wp\/v2\/media\/205482"}],"wp:attachment":[{"href":"https:\/\/gulass.cn\/wp-json\/wp\/v2\/media?parent=205472"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/gulass.cn\/wp-json\/wp\/v2\/categories?post=205472"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/gulass.cn\/wp-json\/wp\/v2\/tags?post=205472"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}