Mir*_*age 6 cross-domain cross-domain-policy cors angularjs restangular
I have domain sub.example.com with configured restangular:
RestangularProvider.setDefaultHeaders({
'Content-Type': 'application/json',
'X-Requested-With': 'XMLHttpRequest'
});
RestangularProvider.setDefaultHttpFields({
'withCredentials': true
});
Then I'm building other factory via:
return Restangular.withConfig(function(RestangularProvider) {
RestangularProvider.setBaseUrl('http://api.example.com');
});
And, obviously, getting error No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://sub.example.com' is therefore not allowed access.. How should I configure server/client to get working crossdomain requests?
// upd
I'm using Yii on backend and sending next header
header('Access-Control-Allow-Origin: *', true);
我找到了解决方案.
首先,当使用凭证时 - 我们不能使用*来访问Access-Control-Allow-Origin.然后,XHR发送应该处理好的OPTIONS请求并发送CORS头.
// scheme required, here can be multiple origins concatenated by space if using credentials
header('Access-Control-Allow-Origin: http://sub.example.com');
header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE');
header('Access-Control-Allow-Headers: Accept, X-Requested-With');
// without credentials we can use * for origin
header('Access-Control-Allow-Credentials: true');
header('HTTP/1.1 200 OK', true);
然后我们可以简单地使用crossdomain ajax请求.
| 归档时间: |
|
| 查看次数: |
11220 次 |
| 最近记录: |