drh96824
2011-12-16 16:32
浏览 199
已采纳

access-control-allow-origin不起作用

I'm integrating the API system into my website, however I got this message from Google chrome's console: XMLHttpRequest cannot load https://api.mysocialsync.com/. Origin https://www.mysocialsync.com is not allowed by Access-Control-Allow-Origin.

Now luckely I know what that error means and I tried to solve it (also with help of other stackoverflow pages) but none of the solutions worked, even

header("access-control-allow-origin: *");

didn't do the trick.

I'm out of idea's unfortunatly, I hope there is someone here who has an solution to this.

My server is running PHP5 with suhosin.

图片转代码服务由CSDN问答提供 功能建议

我正在将API系统集成到我的网站中,但是我从Google Chrome控制台收到此消息:XMLHttpRequest无法加载 https://api.mysocialsync.com/ 。 Access-Control-Allow-Origin不允许 https://www.mysocialsync.com

现在我知道这个错误意味着什么,我试图解决它(也有其他stackoverflow页面的帮助),但没有一个解决方案有效,甚至

   header(“access-control-allow-origin:*”); 
   
 
 

没有做到这一点。

我的想法很不幸,我希望这里有人有解决方案。

我的服务器运行带有suhosin的PHP5。 < / DIV>

  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

1条回答 默认 最新

  • dongtuo2373 2011-12-16 17:10
    已采纳

    It's not your website that should be sending the Access-Control-Allow-Origin header, but the website you are requesting (i.e. the MySocialSync API). If the header would work the way you think it does, you could e.g. read a user's private Facebook messages and do other nasty cross-site data requests.

    I'd recommend contacting the API creators to have them add the header.

    已采纳该答案
    打赏 评论

相关推荐 更多相似问题