helloxielan 2014-08-26 17:44 采纳率: 0%
浏览 125

IE 11,XMLHttpRequest和CORS

I'm trying to access an API service (via XMLHttpRequest/ajax) hosted on a sub-domain (ie: a client on app.samedomain.com will call out to api.samedomain.com) that requires specific headers to be set for security purposes, but I keep getting Access is denied errors. All the solutions I've found say the client/end user must add the site to the "Trusted Sites" security zone, but obviously this is not a real solution. What do I need to do to access an external site with specific headers?

Example Code:

var getUserById = function (user, callback, error) {
  $.support.cors = true; 
  var endpoint = _getApiVersion() + '/person/model/' + user.userId;
  var _headers = _setHeaders(endpoint, null, user, 'GET');
    type: 'GET',
    beforeSend: function (request)
      request.setRequestHeader("api-key", _headers['api-key']);
      request.setRequestHeader("timestamp", _headers['timestamp']);
      request.setRequestHeader("content-md5", _headers['content-md5']);
      request.setRequestHeader("content-type", _headers['content-type']);
      request.setRequestHeader("signature", _headers['signature']);
      request.setRequestHeader("Access-Control-Allow-Origin", "*");
    url: _getBaseUrl() + endpoint,
    data: null,
    contentType: 'application/json',
    dataType: 'json',
    success: callback,
    error: error

Thanks in advance,

  • 写回答

3条回答 默认 最新

  • MAO-EYE 2014-08-26 17:46

    Are you trying to get data that is not in the same domain as the requester? If that is the case the only option is to proxy the original request via a service so XMLHttpRequest has access to it.




  • ¥15 手机应用的时间可以修改吗
  • ¥15 docker 运行OPEN-webui异常
  • ¥15 麒麟系统如何删除光盘刻录痕迹
  • ¥15 recipe通过gem协议传的是什么
  • ¥15 TS2307: Cannot find module 'cc'.
  • ¥15 100小时学会sap 书上pp章节5.22,标准成本计算逻辑?
  • ¥50 达梦数据库误删日志文件重做DAMENG01.log启动仍然-712错误
  • ¥15 cellranger化学处理类型报错
  • ¥15 用texstudio插入图片出现下面情况,怎么办
  • ¥15 ubantu 用samba挂载windows的共享文件夹,无法挂载二级目录和修改文件