weixin_33698043 2014-09-26 20:26 采纳率: 0%
浏览 38

CORS无法在Angular中工作?

I am trying to GET information from this site https://bitcoinindex.es/api/v0.1/coinbase/usd/btc/last

Using the $http service

After looking all over the internet Here is my code in coffeescript

angular.module('blackmoonApp')
  .controller 'PricingCtrl', ($scope, $http) ->
    $http.defaults.useXDomain = true
    $http.get("https://bitcoinindex.es/api/v0.1/coinbase/usd/btc/last",
      headers:
        "Access-Control-Allow-Origin": "*"
    ).success (JSON) ->
      console.log JSON

The Result is 

"XMLHttpRequest cannot load https://www.bitstamp.net/api/ticker/. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:9000' is therefore not allowed access."

I am not sure if the website is blocking me (which wouldn't make sense because it is an API) or if AngularJS isn't able to work with CORS.

  • 写回答

2条回答 默认 最新

  • 撒拉嘿哟木头 2014-09-26 20:30
    关注

    Access-Control-Allow-Origin is a response header.

    This:

      headers:
    "Access-Control-Allow-Origin": "*"

    … sets a request header.

    You need to set it on https://www.bitstamp.net/api/ticker/, not in your JavaScript.

    It would defeat the object if any JavaScript could grant itself permission to access any server.

    I am not sure if the website is blocking me (which wouldn't make sense because it is an API)

    Blocking is the default behaviour. Explicit permission must be granted to allow JavaScript from other origins access. Otherwise anyone with a bitstamp account could have their bitcoins stolen by visiting a website that used the API (since it would be their browser, with their cookies, making the request).

    评论
  • weixin_33676492 2014-09-26 20:32
    关注

    From your code:

    $http.get("https://www.bitstamp.net/api/ticker/",
  headers:
    "Access-Control-Allow-Origin": "*"
)

    We see that you are attempting to send the Access-Control-Allow-Origin header in the GET request.

    CORS doesn't work that way; the Access-Control-Allow-Origin header must be present in the response sent by the server (and, of course, such header must include the exact same domain of the page that sent the request).

    From my tests (unlikely, but your results may differ):

    • https://bitcoinindex.es/api/v0.1/coinbase/usd/btc/last only allows CORS requests from its own domain (the response had Access-Control-Allow-Origin:https://bitcoinindex.es) which is kind of pointless; and
    • https://www.bitstamp.net/api/ticker/ didn't have the Access-Control-Allow-Origin header at all.
    评论

报告相同问题?

悬赏问题

  • ¥15 虚拟机vmnet8 nat模式可以ping通主机,主机也能ping通虚拟机,但是vmnet8一直未识别怎么解决,其次诊断结果就是默认网关不可用
  • ¥20 求各位能用我能理解的话回答超级简单的一些问题
  • ¥15 yolov5双目识别输出坐标代码报错
  • ¥15 这个代码有什么语法错误
  • ¥15 给予STM32按键中断与串口通信
  • ¥15 使用QT实现can通信
  • ¥15 关于sp验证的一些东西,求告知如何解决,
  • ¥35 关于#javascript#的问题:但是我写的只能接码数字和字符,帮我写一个解码JS问题
  • ¥15 prophet运行报错,如何解决?
  • ¥15 用GPU跑pytorch搭建的LSTM的时候出现了奇怪的报错