收到此错误消息:
Refused to set unsafe header "Origin"
使用此代码:
function getResponse() {
document.getElementById("_receivedMsgLabel").innerHTML += "getResponse() called.<br/>";
if (receiveReq.readyState == 4 || receiveReq.readyState == 0) {
receiveReq.open("GET", "http://L45723:1802", true, "server", "server123"); //must use L45723:1802 at work.
receiveReq.onreadystatechange = handleReceiveMessage;
receiveReq.setRequestHeader("Origin", "http://localhost/");
receiveReq.setRequestHeader("Access-Control-Request-Origin", "http://localhost");
receiveReq.timeout = 0;
var currentDate = new Date();
var sendMessage = JSON.stringify({
SendTimestamp: currentDate,
Message: "Message 1",
Browser: navigator.appName
});
receiveReq.send(sendMessage);
}
}
我究竟做错了什么?标题中我缺少什么使这个CORS请求有效?
我尝试删除了receiveReq.setRequestHeader("Origin", ...)通话,但谷歌Chrome在我的receiveReq.open()通话中抛出了访问错误...
为什么?
这个问题与一年前提出的另一个问题有关.作者询问如何使用JavaScript和Wikipedia API制作cros-origin请求,其中一条评论是:
en.wikipedia.org似乎不允许使用CORS
并建议他改用JSONP.
我知道我可以使用JSONP,但如果可以使用它,我更喜欢CORS.
我试过jsfiddle
var url = "https://en.wikipedia.org/w/api.php?action=query&titles=Main%20Page&prop=revisions&rvprop=content&format=json";
$.ajax({
url: url,
data: 'query',
dataType: 'json',
type: 'POST',
headers: { 'Api-User-Agent': 'Example/1.0' },
origin: 'https://jsfiddle.net/',
success: function (data) {
console.log(data);
//do something with data
}});
并得到以下错误:
XMLHttpRequest无法加载 https://en.wikipedia.org/w/api.php?action=query&titles=Main%20Page&prop=revisions&rvprop=content&format=json.对预检请求的响应未通过访问控制检查:请求的资源上不存在"Access-Control-Allow-Origin"标头.因此,不允许来源" https://fiddle.jshell.net "访问.
请求标题:
authority:en.wikipedia.org
method:OPTIONS
path:/w/api.php?action=query&titles=Main%20Page&prop=revisions&rvprop=content&format=json
scheme:https
accept:/
accept-encoding:gzip, deflate, sdch
accept-language:en-US,en;q=0.8,fr-CA;q=0.6,fr;q=0.4,fr-FR;q=0.2,ru;q=0.2,uk;q=0.2
access-control-request-headers:accept, api-user-agent, content-type
access-control-request-method:POST
origin:https://fiddle.jshell.net
referer:https://fiddle.jshell.net/_display/
user-agent:Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.94 Safari/537.36
响应标题:
accept-ranges:bytes
age:0
backend-timing:D=33198 t=1462749020308717
cache-control:no-cache
content-encoding:gzip
content-length:20 …我无法获得以下代码行来返回JSON,甚至无法运行嵌入其中的简单alert()函数。我知道网址是正确的,因为当我将其粘贴到浏览器中时,它将返回JSON。有人知道这可能是什么问题吗?
我已经在Chrome的CodePen和JSFiddle(确保包括jQuery)中进行了尝试,但是没有运气。
$.getJSON("https://en.wikipedia.org/w/api.php?action=query&prop=info&format=json&callback=?inprop=url&pageids=18630637"
, function(data) {
alert("success");
console.log(data);
});