egi*_*dra 25 javascript django backbone.js tastypie
当我尝试使用AJAX和Tastypie执行HTTP请求时,在为Tastypie资源使用ApiKeyAuthentication时出现以下错误:
XMLHttpRequest cannot load http://domain.com/api/v1/item/?format=json&username=popo&api_key=b83d21e2f8bd4952a53d0ce12a2314c0ffa031b1. Request header field Authorization is not allowed by Access-Control-Allow-Headers.
关于如何解决这个问题的任何想法?
以下是Chrome的请求标头:
Request Headersview source
Accept:*/*
Accept-Charset:
ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Access-Control-Request-Headers:
origin, authorization, access-control-allow-origin, accept, access-control-allow-headers
Access-Control-Request-Method:
GET
以下是Chrome的响应标头:
Response Headersview source
Access-Control-Allow-Headers:
Origin,Content-Type,Accept,Authorization
Access-Control-Allow-Methods:
POST,GET,OPTIONS,PUT,DELETE
Access-Control-Allow-Origin:*
Connection:keep-alive
Content-Length:0
Content-Type:
text/html; charset=utf-8
Date:Fri, 11 May 2012 21:38:35 GMT
Server:nginx
如您所见,它们都有用于授权的标头,但授权不起作用.
这是我用来编辑响应头的django中间件:https: //gist.github.com/1164697
编辑:我发现了问题.我试图连接到www.domain.com,它只接受domain.com
Man*_*tto 58
Antyrat的答案并不完整.
您必须指定服务器允许的标头; 在您的情况下授权.
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, PUT, DELETE
Access-Control-Allow-Headers: Authorization
这是因为同源策略.
您需要从请求所在的同一域进行AJAX调用.或者进行服务器端更改,允许来自外部域的请求.
要解决此问题,您需要在http://domain.com中对标头进行更改,方法是在标头中添加外部域:
Access-Control-Allow-Origin: *
阅读更多
| 归档时间: |
|
| 查看次数: |
40045 次 |
| 最近记录: |