jquery - Pourquoi mon code JavaScript reçoit-il une erreur "No 39;Access-Control-Allow-OriginΖ#39, alors que Postman ne fait pas

97

<?php header('Access-Control-Allow-Origin: *'); ?> 

// The following property can be used to configure cross-origin resource sharing // in the HTTP nodes. // See https://github.com/troygoode/node-cors#configuration-options for // details on its contents. The following is a basic permissive set of options: httpNodeCors: {  origin: "*",  methods: "GET,PUT,POST,DELETE" }, 

$ pip install -U flask-cors 

from flask_cors import CORS 

from flask import Flask from flask_cors import CORS  app = Flask(__name__) CORS(app)  @app.route("/") def helloWorld():   return "Hello, cross-origin-world!" 

87

<httpProtocol>     <customHeaders>         <add name="Access-Control-Allow-Origin" value="*" />     </customHeaders> </httpProtocol> 

$.ajax({     url: 'http://mysite.microsoft.sample.xyz.com/api/mycall',     headers: {         'Content-Type': 'application/x-www-form-urlencoded'     },     type: "POST", /* or type:"GET" or type:"PUT" */     dataType: "json",     data: {     },     success: function (result) {         console.log(result);     },     error: function () {         console.log("error");     } }); 

System.Net.WebClient wc = new System.Net.WebClient(); string str = wc.DownloadString("http://mysite.microsoft.sample.xyz.com/api/mycall"); 

76

fetch('http://example.com/api', {method: 'POST'});

Look on chrome-console > network tab

fetch('http://example.com/api', {    method: 'POST',    headers: { 'Content-Type': 'application/json'}  });

Look in chrome-console -> network tab to 'api' request.  This is the OPTIONS request (the server does not allow sending a POST request)

location ~ ^/index\.php(/|$) {     ...      add_header 'Access-Control-Allow-Origin' "$http_origin" always;      add_header 'Access-Control-Allow-Credentials' 'true' always;      if ($request_method = OPTIONS) {          add_header 'Access-Control-Allow-Origin' "$http_origin"; # DO NOT remove THIS LINES (doubled with outside 'if' above)          add_header 'Access-Control-Allow-Credentials' 'true';          add_header 'Access-Control-Max-Age' 1728000; # cache preflight value for 20 days          add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';          add_header 'Access-Control-Allow-Headers' 'My-First-Header,My-Second-Header,Authorization,Content-Type,Accept,Origin';          add_header 'Content-Length' 0;          add_header 'Content-Type' 'text/plain charset=UTF-8';          return 204;      }  }

# ------------------------------------------------------------------------------  # | Cross-domain Ajax requests                                                 |  # ------------------------------------------------------------------------------    # Enable cross-origin Ajax requests.  # http://code.google.com/p/html5security/wiki/CrossOriginRequestSecurity  # http://enable-cors.org/    # <IfModule mod_headers.c>  #    Header set Access-Control-Allow-Origin "*"  # </IfModule>    # Header set Header set Access-Control-Allow-Origin "*"  # Header always set Access-Control-Allow-Credentials "true"    Access-Control-Allow-Origin "http://your-page.com:80"  Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"  Header always set Access-Control-Allow-Headers "My-First-Header,My-Second-Header,Authorization, content-type, csrf-token"