我正在尝试通过 Javascript 连接到 hood.ie:
hoodie = new Hoodie('http://example.com:6001');
但随后出现错误:A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true. Origin 'xxx' is therefore not allowed access.
和:
hoodie = new Hoodie('http://example.com');
給予404
...
我可以连接到localhost
:6001
和:6002
用于公共/管理员,因此端口可以正常工作(也适用于外部 example.com )
但在 devconsole 中我得到:
OPTIONS: http://example.com:6001/_api/_session
'Access-Control-Allow-Origin'
当凭证标志为真时,不能在标头中使用通配符“*” 。来源'http://example.com' 因此不允许访问。'
我已经配置了 Apache2:
<VirtualHost *:80>
DocumentRoot /var/www
Header set Access-Control-Allow-Origin *
Header add Access-Control-Allow-Headers "origin, content-type"
Header always set Access-Control-Allow-Methods "POST, GET, PUT, DELETE, OPTIONS"
Header set Access-Control-Allow-Credentials "false"
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
Header set Access-Control-Allow-Origin *
Header set Access-Control-Allow-Credentials "false"
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
并尝试了额外的方法:
<VirtualHost *:6001>
Header set Access-Control-Allow-Origin *
Header set Access-Control-Allow-Credentials "false"
</VirtualHost>
尝试过:
Header set Access-Control-Allow-Credentials false
Header set Access-Control-Allow-Credentials 'false'
Header set Access-Control-Allow-Credentials true
...etc
Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Allow-Origin "example.com"
尝试了所有可能的变化,但仍然出现相同的错误......
但我想知道是否必须在不同的地方进行设置,因为服务www
的目录:6001
位于我的主文件夹中的某个地方,而不是在 var/www 中,但仍然有效,我不知道 apache 如何处理它,或者知道位置,或者 hood.ie 是否启动了自己的 web 服务。
答案1
答案2
我会猜测“Hoodie” 正在使用 XMLHttpRequest 发送 cookie(withCredentials =“true”),因此您的浏览器拒绝来自服务器的响应,因为它在允许的来源标头中有一个通配符。