問題描述

收到此錯誤消息:拒絕設置不安全的標頭Origin"

使用此代碼:

   function getResponse() {
            document.getElementById("_receivedMsgLabel").innerHTML += "getResponse() called.<br/>";
            if (receiveReq.readyState == 4 || receiveReq.readyState == 0) {
                receiveReq.open("GET", "http://L45723:1802", true, "server", "server123");  //must use L45723:1802 at work.
                receiveReq.onreadystatechange = handleReceiveMessage;
                receiveReq.setRequestHeader("Origin", "http://localhost/");
                receiveReq.setRequestHeader("Access-Control-Request-Origin", "http://localhost");
                receiveReq.timeout = 0;
                var currentDate = new Date();
                var sendMessage = JSON.stringify({
                    SendTimestamp: currentDate,
                    Message: "Message 1",
                    Browser: navigator.appName
                });
                receiveReq.send(sendMessage);

            }
        }

我做錯了什么?為了使這個 CORS 請求正常工作，我在標頭中遺漏了什么?

What am I doing wrong? What am I missing in the header to make this CORS request work?

我嘗試刪除 receiveReq.setRequestHeader("Origin", ...) 調用，但 Google Chrome 在我的 receiveReq.open() 調用中引發訪問錯誤...

I tried removing the receiveReq.setRequestHeader("Origin", ...) call but then Google Chrome throws an access error on my receiveReq.open() call...

為什么?

推薦答案

這只是一個猜測，因為我使用 jquery 處理 ajax 請求，包括 CORS.

This is just a guess, as I use jquery for ajax requests, including CORS.

我認為瀏覽器應該設置標題，而不是你.如果您能夠設置標題，那將破壞安全功能的目的.

I think the browser is supposed to set the header, not you. If you were able to set the header, that would defeat the purpose of the security feature.

在不設置這些標頭的情況下嘗試請求，看看瀏覽器是否為您設置了它們.

Try the request without setting those headers and see if the browser sets them for you.

這篇關于拒絕設置不安全的標頭“Origin"使用谷歌瀏覽器的 xmlHttpRequest 時的文章就介紹到這了，希望我們推薦的答案對大家有所幫助，也希望大家多多支持html5模板網！