tornado处理跨域问题
Posted hsmwlyl
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了tornado处理跨域问题相关的知识,希望对你有一定的参考价值。
报错信息一:
Access to XMLHttpRequest at ‘http://localhost:4445/api/v/getmsg‘ from origin ‘http://localhost:9528‘ has been blocked by CORS policy: Response to preflight request doesn‘t pass access control check: The value of the ‘Access-Control-Allow-Origin‘ header in the response must not be the wildcard ‘*‘ when the request‘s credentials mode is ‘include‘. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
解决: 将设置的响应头 "Access-Control-Allow-Origin" 修改为特定的域名, 不能使用 "*"
报错信息二:
Access to XMLHttpRequest at ‘http://localhost:4445/api/v/getmsg‘ from origin ‘http://localhost:9528‘ has been blocked by CORS policy: Response to preflight request doesn‘t pass access control check: The value of the ‘Access-Control-Allow-Credentials‘ header in the response is ‘‘ which must be ‘true‘ when the request‘s credentials mode is ‘include‘. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
解决: 增加一行配置, "Access-Control-Allow-Credentials" value="true"
报错信息三:
Access to XMLHttpRequest at ‘http://localhost:4445/api/v/getmsg‘ from origin ‘http://localhost:9528‘ has been blocked by CORS policy: Response to preflight request doesn‘t pass access control check: It does not have HTTP ok status.
原因:
浏览器请求接口时会发送两个请求,一个是预请求,相当于确认请求(OPTIONS),第二个请求才是你要发送的真正的请求,而这个错误信息说明的是第一个OPTINOS请求失败,在服务端没有处理这个method为OPTIONS的请求,需要对它处理一下, 服务端只需要再写一个options 方法, 并且返回200状态码即可。
第一种:No ‘Access-Control-Allow-Origin‘ header is present on the requested resource
,并且The response had HTTP status code 404
XMLHttpRequest cannot load http://b.domain.com, Response to preflinght request doesn‘t pass access control check: No ‘Access-Control-Allow-Origin‘ header is present on the requested resource. Origin ‘http://a.domain.com‘ is therefore not allowed access. The Response had HTTP status code 404.
ps.并且The response had HTTP status code 404
问题原因:服务器端后台没有允许OPTIONS请求
第二种:No ‘Access-Control-Allow-Origin‘ header is present on the requested resource
,并且The response had HTTP status code 405
XMLHttpRequest cannot load http://b.domain.com, Response to preflinght request doesn‘t pass access control check: No ‘Access-Control-Allow-Origin‘ header is present on the requested resource. Origin ‘http://a.domain.com‘ is therefore not allowed access. The Response had HTTP status code 405.
ps.并且The response had HTTP status code 405
问题原因:服务器端后台允许了OPTIONS请求,但是某些安全配置阻止了OPTIONS请求
第三种:No ‘Access-Control-Allow-Origin‘ header is present on the requested resource
,并且The response had HTTP status code 200
XMLHttpRequest cannot load http://b.domain.com, Response to preflinght request doesn‘t pass access control check: No ‘Access-Control-Allow-Origin‘ header is present on the requested resource. Origin ‘http://a.domain.com‘ is therefore not allowed access.
ps.并且The response had HTTP status code 200
问题原因:服务器端后台允许了OPTIONS请求,并且OPTIONS请求没有被阻止,但是头部不匹配。
第四种:heade contains multiple values ‘*,*‘
,并且The response had HTTP status code 200
XMLHttpRequestcannot load http://b.domain.com. The ‘Access-Control-Allow-Origin‘ header contains multiple values‘*, *‘, but only one is allowed. Origin ‘http://a.domain.com‘ is therefore notallowed access.
ps.并且The response had HTTP status code 200
问题原因:设置多次Access-Control-Allow-Origin=*,可能是配置的人对CORS实现原理和机制不了解导致。
以上是关于tornado处理跨域问题的主要内容,如果未能解决你的问题,请参考以下文章
使用 jQuery 和 Tornado 进行跨域资源共享 (CORS)
python3 tornado api + angular8 + nginx 跨域问题