Php 通配符'*';不能在';访问控制允许原点';即使它';这不是通配符
您好,我遇到了一个关于PHP和marionette.js的奇怪错误。我有一个由marionette.js(extensing backbone.js)组成的前端,它需要对另一个URL上运行的slim后端API进行CORS调用。我已覆盖主干网的同步功能,以允许使用凭据和其他内容:Php 通配符'*';不能在';访问控制允许原点';即使它';这不是通配符,php,ajax,backbone.js,cors,slim,Php,Ajax,Backbone.js,Cors,Slim,您好,我遇到了一个关于PHP和marionette.js的奇怪错误。我有一个由marionette.js(extensing backbone.js)组成的前端,它需要对另一个URL上运行的slim后端API进行CORS调用。我已覆盖主干网的同步功能,以允许使用凭据和其他内容: var proxiedSync = Backbone.sync; Backbone.sync = function(method, model, options) { options || (options
var proxiedSync = Backbone.sync;
Backbone.sync = function(method, model, options) {
options || (options = {});
if (!options.crossDomain) {
options.crossDomain = true;
}
if (!options.xhrFields) {
options.xhrFields = {withCredentials:true};
}
return proxiedSync(method, model, options);
};
在我的Slim 3.5后端中,我为我的CORS头设置了以下中间件:
$app->add(function ($req, $res, $next) {
$response = $next($req, $res);
return $response->withHeader('Access-Control-Allow-Credentials', 'false')->withHeader('Access-Control-Allow-Origin', 'http://localhost:4000')
->withHeader('Access-Control-Allow-Headers', 'X-Requested-With, Content-Type, Accept, Origin, Authorization, Session')
->withHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, PATCH, DELETE, OPTIONS, HEAD');});
现在我在chrome调试工具中得到了当前响应:
XMLHttpRequest无法加载xxxxx。当凭据标志为true时,不能在“Access Control Allow Origin”标头中使用通配符“*”。因此,不允许访问源“”。XMLHttpRequest的凭据模式由withCredentials属性控制
但是,当我查看网络选项卡并检查请求头时,我可以清楚地看到访问控制允许源不是通配符,而是“”:
编辑1:这是我的选项路线
以下是我在slim中的选择路线:
$app->options('/{routes:.+}', function ($request, $response, $args) {
return $response;
});
编辑2:飞行前响应和请求
好,下面是飞行前响应请求标题的快速更新:
OPTIONS /devsea/login HTTP/1.1
Host: localhost
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Access-Control-Request-Method: POST
Origin: http://localhost:4000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36
Access-Control-Request-Headers: content-type
Accept: */*
Referer: http://localhost:4000/
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8,fr;q=0.6
以下是对飞行前请求的响应标题:
HTTP/1.1 200 OK
Date: Fri, 16 Sep 2016 00:49:38 GMT
Server: Apache/2.4.17 (Win64) PHP/5.6.16
X-Powered-By: PHP/5.6.16
Set-Cookie: UserSession=aemsvqf9b7u2c4isdhocq4mre7; expires=Fri, 16-Sep-2016 01:49:38 GMT; Max-Age=3600; path=/
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://localhost:4000
Access-Control-Allow-Headers: X-Requested-With, Content-Type, Accept, Origin, Authorization, Session
Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, HEAD
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
所以我知道这毫无意义。但是在重新启动我的开发机器之后,一切都开始工作了。抱歉给大家带来麻烦,可能apache需要重新启动或其他什么。所以我知道这毫无意义。但是在重新启动我的开发机器之后,一切都开始工作了。抱歉给大家带来麻烦,可能apache需要重新启动或做些什么。您的路线响应的内容与飞行前请求响应的内容不匹配。@geggleto知道我要在哪里修改它吗?请在中查找选项路线Slim@geggleto它已经设置好了,我已经更新了我的帖子,你可以看到。这可能与其他事情有关?不,有些事情没有意义。。。查看所有代码,发现您的航路响应的“*”与飞行前请求响应的“*”不匹配。@geggleto知道我要在哪里修改它吗?在中查找选项航路Slim@geggleto它已经设置好了,我已经更新了我的帖子,你可以看到。这可能与其他事情有关?不,有些事情没有意义。。。查看所有代码以找到“*”
HTTP/1.1 200 OK
Date: Fri, 16 Sep 2016 00:49:38 GMT
Server: Apache/2.4.17 (Win64) PHP/5.6.16
X-Powered-By: PHP/5.6.16
Set-Cookie: UserSession=aemsvqf9b7u2c4isdhocq4mre7; expires=Fri, 16-Sep-2016 01:49:38 GMT; Max-Age=3600; path=/
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://localhost:4000
Access-Control-Allow-Headers: X-Requested-With, Content-Type, Accept, Origin, Authorization, Session
Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, HEAD
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8