origin橘子平台平台上我和你的问题一样要什么权限,你怎么解决了
点击联系发帖人
时间:2014-11-28 22:30
Cross-Origin Request Blocked [跨域请求封锁] - 问题-字节技术
Cross-Origin Request Blocked
跨域请求封锁
问题 (Question)
So I've got this Go http handler that stores some POST content into the datastore and retrieves some other info in response. On the back-end I use:
func handleMessageQueue(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Access-Control-Allow-Origin", "*")
if r.Method == "POST" {
c := appengine.NewContext(r)
body, _ := ioutil.ReadAll(r.Body)
auth := string(body[:])
r.Body.Close()
q := datastore.NewQuery("Message").Order("-Date")
var msg []Message
key, err := q.GetAll(c, &msg)
if err != nil {
c.Errorf("fetching msg: %v", err)
w.Header().Set("Content-Type", "application/json")
jsonMsg, err := json.Marshal(msg)
msgstr := string(jsonMsg)
fmt.Fprint(w, msgstr)
In my firefox OS app I use:
var message = "content";
request = new XMLHttpRequest();
request.open('POST', 'http://localhost:8080/msgs', true);
request.onload = function () {
if (request.status &= 200 && request.status & 400) {
// Success!
data = JSON.parse(request.responseText);
console.log(data);
// We reached our target server, but it returned an error
console.log("server error");
request.onerror = function () {
// There was a connection error of some sort
console.log("connection error");
request.send(message);
The incoming part all works along and such. However, my response is getting blocked. Giving me the following message:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:8080/msgs. This can be fixed by moving the resource to the same domain or enabling CORS.
I tried a lot of other things but there is no way I can just get a response from the server. However when I change my Go POST method into GET and access the page through the browser I get the data that I want so bad. I can't really decide which side goes wrong and why: it might be that Go shouldn't block these kinds of requests, but it also might be that my javascript is illegal.
所以我有这个HTTP处理程序去存储一些内容为数据存储和检索等信息的反应。在后端使用:func handleMessageQueue(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Access-Control-Allow-Origin", "*")
if r.Method == "POST" {
c := appengine.NewContext(r)
body, _ := ioutil.ReadAll(r.Body)
auth := string(body[:])
r.Body.Close()
q := datastore.NewQuery("Message").Order("-Date")
var msg []Message
key, err := q.GetAll(c, &msg)
if err != nil {
c.Errorf("fetching msg: %v", err)
w.Header().Set("Content-Type", "application/json")
jsonMsg, err := json.Marshal(msg)
msgstr := string(jsonMsg)
fmt.Fprint(w, msgstr)
我用在我的Firefox OS应用:var message = "content";
request = new XMLHttpRequest();
request.open('POST', 'http://localhost:8080/msgs', true);
request.onload = function () {
if (request.status &= 200 && request.status & 400) {
// Success!
data = JSON.parse(request.responseText);
console.log(data);
// We reached our target server, but it returned an error
console.log("server error");
request.onerror = function () {
// There was a connection error of some sort
console.log("connection error");
request.send(message);
输入部分的所有作品,如。然而,我的反应是堵住了。给我以下信息:Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:8080/msgs. This can be fixed by moving the resource to the same domain or enabling CORS.
我试过很多其他的东西,但也没有办法,我只能从服务器的响应。然而当我改变我的方法去获得通过后进入我所得到的数据,我想的那么坏的浏览器访问页面。我真的不能决定哪一方出错原因:这可能是去不应该阻止这些请求,但它也可能是我的JavaScript是非法的。
最佳答案 (Best Answer)
@Egidius, when creating an XMLHttpRequest, you should use
var xhr = new XMLHttpRequest({mozSystem: true});
What is mozSystem?
mozSystem Boolean: Setting this flag to true allows making cross-site connections without requiring the server to opt-in using CORS. Requires setting mozAnon: true, i.e. this can't be combined with sending cookies or other user credentials. This only works in privileged (reviewed) it does not work on arbitrary webpages loaded in Firefox.
Changes to your Manifest
On your manifest, do not forget to include this line on your permissions:
"permissions": {
"systemXHR" : {},
“egidius,创建XMLHttpRequest的时候,你应该使用var xhr = new XMLHttpRequest({mozSystem: true});
mozsystem是什么?mozsystem布尔:设置此标志为true允许跨站点的连接而无需服务器选择使用CORS。需要设置mozanon:真的,即不能结合送饼干或其他用户的凭据。这仅在特权(审查)的应用程序;它不工作在任意网页加载在Firefox。你的表现的变化在你的清单,不要忘了包括线在你的权限:"permissions": {
"systemXHR" : {},}
答案 (Answer) 2
You need other headers, not only access-control-allow-origin.
If your request have the "Access-Control-Allow-Origin" header, you must copy it into the response headers, If doesn't, you must check the "Origin" header and copy it into the response. If your request doesn't have Access-Control-Allow-Origin not Origin headers, you must return "*".
You can read the complete explanation here:
and this is the function I'm using to write cross domain headers:
func writeCrossDomainHeaders(w http.ResponseWriter, req *http.Request) {
// Cross domain headers
if acrh, ok := req.Header["Access-Control-Request-Headers"]; ok {
w.Header().Set("Access-Control-Allow-Headers", acrh[0])
w.Header().Set("Access-Control-Allow-Credentials", "True")
if acao, ok := req.Header["Access-Control-Allow-Origin"]; ok {
w.Header().Set("Access-Control-Allow-Origin", acao[0])
if _, oko := req.Header["Origin"]; oko {
w.Header().Set("Access-Control-Allow-Origin", req.Header["Origin"][0])
w.Header().Set("Access-Control-Allow-Origin", "*")
w.Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE")
w.Header().Set("Connection", "Close")
你需要其他的标题,不仅访问控制允许的起源。如果您的要求有“访问控制允许起源”的标题,你必须把它复制到响应头,如果没有,你必须检查“起源”头,把它复制到。如果您的要求没有访问控制允许非起源起源的标题,你必须返回“*”。你可以在这里阅读完整的解释:这是我用写跨域标题的功能:func writeCrossDomainHeaders(w http.ResponseWriter, req *http.Request) {
// Cross domain headers
if acrh, ok := req.Header["Access-Control-Request-Headers"]; ok {
w.Header().Set("Access-Control-Allow-Headers", acrh[0])
w.Header().Set("Access-Control-Allow-Credentials", "True")
if acao, ok := req.Header["Access-Control-Allow-Origin"]; ok {
w.Header().Set("Access-Control-Allow-Origin", acao[0])
if _, oko := req.Header["Origin"]; oko {
w.Header().Set("Access-Control-Allow-Origin", req.Header["Origin"][0])
w.Header().Set("Access-Control-Allow-Origin", "*")
w.Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE")
w.Header().Set("Connection", "Close")
本文翻译自StackoverFlow,英语好的童鞋可直接参考原文:}
Cross-Origin Request Blocked
跨域请求封锁
问题 (Question)
So I've got this Go http handler that stores some POST content into the datastore and retrieves some other info in response. On the back-end I use:
func handleMessageQueue(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Access-Control-Allow-Origin", "*")
if r.Method == "POST" {
c := appengine.NewContext(r)
body, _ := ioutil.ReadAll(r.Body)
auth := string(body[:])
r.Body.Close()
q := datastore.NewQuery("Message").Order("-Date")
var msg []Message
key, err := q.GetAll(c, &msg)
if err != nil {
c.Errorf("fetching msg: %v", err)
w.Header().Set("Content-Type", "application/json")
jsonMsg, err := json.Marshal(msg)
msgstr := string(jsonMsg)
fmt.Fprint(w, msgstr)
In my firefox OS app I use:
var message = "content";
request = new XMLHttpRequest();
request.open('POST', 'http://localhost:8080/msgs', true);
request.onload = function () {
if (request.status &= 200 && request.status & 400) {
// Success!
data = JSON.parse(request.responseText);
console.log(data);
// We reached our target server, but it returned an error
console.log("server error");
request.onerror = function () {
// There was a connection error of some sort
console.log("connection error");
request.send(message);
The incoming part all works along and such. However, my response is getting blocked. Giving me the following message:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:8080/msgs. This can be fixed by moving the resource to the same domain or enabling CORS.
I tried a lot of other things but there is no way I can just get a response from the server. However when I change my Go POST method into GET and access the page through the browser I get the data that I want so bad. I can't really decide which side goes wrong and why: it might be that Go shouldn't block these kinds of requests, but it also might be that my javascript is illegal.
所以我有这个HTTP处理程序去存储一些内容为数据存储和检索等信息的反应。在后端使用:func handleMessageQueue(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Access-Control-Allow-Origin", "*")
if r.Method == "POST" {
c := appengine.NewContext(r)
body, _ := ioutil.ReadAll(r.Body)
auth := string(body[:])
r.Body.Close()
q := datastore.NewQuery("Message").Order("-Date")
var msg []Message
key, err := q.GetAll(c, &msg)
if err != nil {
c.Errorf("fetching msg: %v", err)
w.Header().Set("Content-Type", "application/json")
jsonMsg, err := json.Marshal(msg)
msgstr := string(jsonMsg)
fmt.Fprint(w, msgstr)
我用在我的Firefox OS应用:var message = "content";
request = new XMLHttpRequest();
request.open('POST', 'http://localhost:8080/msgs', true);
request.onload = function () {
if (request.status &= 200 && request.status & 400) {
// Success!
data = JSON.parse(request.responseText);
console.log(data);
// We reached our target server, but it returned an error
console.log("server error");
request.onerror = function () {
// There was a connection error of some sort
console.log("connection error");
request.send(message);
输入部分的所有作品,如。然而,我的反应是堵住了。给我以下信息:Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:8080/msgs. This can be fixed by moving the resource to the same domain or enabling CORS.
我试过很多其他的东西,但也没有办法,我只能从服务器的响应。然而当我改变我的方法去获得通过后进入我所得到的数据,我想的那么坏的浏览器访问页面。我真的不能决定哪一方出错原因:这可能是去不应该阻止这些请求,但它也可能是我的JavaScript是非法的。
最佳答案 (Best Answer)
@Egidius, when creating an XMLHttpRequest, you should use
var xhr = new XMLHttpRequest({mozSystem: true});
What is mozSystem?
mozSystem Boolean: Setting this flag to true allows making cross-site connections without requiring the server to opt-in using CORS. Requires setting mozAnon: true, i.e. this can't be combined with sending cookies or other user credentials. This only works in privileged (reviewed) it does not work on arbitrary webpages loaded in Firefox.
Changes to your Manifest
On your manifest, do not forget to include this line on your permissions:
"permissions": {
"systemXHR" : {},
“egidius,创建XMLHttpRequest的时候,你应该使用var xhr = new XMLHttpRequest({mozSystem: true});
mozsystem是什么?mozsystem布尔:设置此标志为true允许跨站点的连接而无需服务器选择使用CORS。需要设置mozanon:真的,即不能结合送饼干或其他用户的凭据。这仅在特权(审查)的应用程序;它不工作在任意网页加载在Firefox。你的表现的变化在你的清单,不要忘了包括线在你的权限:"permissions": {
"systemXHR" : {},}
答案 (Answer) 2
You need other headers, not only access-control-allow-origin.
If your request have the "Access-Control-Allow-Origin" header, you must copy it into the response headers, If doesn't, you must check the "Origin" header and copy it into the response. If your request doesn't have Access-Control-Allow-Origin not Origin headers, you must return "*".
You can read the complete explanation here:
and this is the function I'm using to write cross domain headers:
func writeCrossDomainHeaders(w http.ResponseWriter, req *http.Request) {
// Cross domain headers
if acrh, ok := req.Header["Access-Control-Request-Headers"]; ok {
w.Header().Set("Access-Control-Allow-Headers", acrh[0])
w.Header().Set("Access-Control-Allow-Credentials", "True")
if acao, ok := req.Header["Access-Control-Allow-Origin"]; ok {
w.Header().Set("Access-Control-Allow-Origin", acao[0])
if _, oko := req.Header["Origin"]; oko {
w.Header().Set("Access-Control-Allow-Origin", req.Header["Origin"][0])
w.Header().Set("Access-Control-Allow-Origin", "*")
w.Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE")
w.Header().Set("Connection", "Close")
你需要其他的标题,不仅访问控制允许的起源。如果您的要求有“访问控制允许起源”的标题,你必须把它复制到响应头,如果没有,你必须检查“起源”头,把它复制到。如果您的要求没有访问控制允许非起源起源的标题,你必须返回“*”。你可以在这里阅读完整的解释:这是我用写跨域标题的功能:func writeCrossDomainHeaders(w http.ResponseWriter, req *http.Request) {
// Cross domain headers
if acrh, ok := req.Header["Access-Control-Request-Headers"]; ok {
w.Header().Set("Access-Control-Allow-Headers", acrh[0])
w.Header().Set("Access-Control-Allow-Credentials", "True")
if acao, ok := req.Header["Access-Control-Allow-Origin"]; ok {
w.Header().Set("Access-Control-Allow-Origin", acao[0])
if _, oko := req.Header["Origin"]; oko {
w.Header().Set("Access-Control-Allow-Origin", req.Header["Origin"][0])
w.Header().Set("Access-Control-Allow-Origin", "*")
w.Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE")
w.Header().Set("Connection", "Close")
本文翻译自StackoverFlow,英语好的童鞋可直接参考原文:}
我要回帖
更多关于 origin平台下载 的文章
更多推荐
- ·表格中如何求变量的求最大值和最小值公式
- ·bootstrap可以和vue一起用吗同一台电脑,同时运行新旧两个vue项目吗?必须每次开发时候重新切换安装vue吗?
- ·在excel单元格输入公式后,显示内容为中输入=1>3>2,为什么返回TRUE,输入=1>2>3或=3>1>2也都返回TRUE,但输入=1<2<3返回FALSE?
- ·隧道监测监控系统探测孔除尘?
- ·用爬虫python下载安装获取上海天气未来七天的数据?
- ·海岛骑兵 部落冲突35级 400章求特潜队 非常活跃 求牛逼特潜队
- ·英雄之刃礼包里花钱买什么最值
- ·梦幻西游变异鬼奖励幽灵顶书技巧
- ·七雄争霸手游紫将黄将怎么配置
- ·暗夜奇迹广告初级失落之羽在哪里得
- ·时空猎人官网90级以后怎么没有新地图
- ·天龙八部之宿敌歌词3双开能得宿敌称号吗
- ·口袋妖怪漆黑二周目的魅影功略怎样把黑,白丘雷姆和在一起
- ·比利时苏格兰牧羊犬犬奖励食
- ·什么是视讯中国游戏
- ·有木有日本单机游戏下载xx游戏,你懂得,拜托了!
- ·立定跳远怎样跳得远更高
- ·达里2013查干湖冬捕直播节都需要什么装备
- ·刀剑护符合成2里65级人字装可以合成65级地字吗
- ·刚打完完胎胎多久能打溶脂针瘦脸
- ·origin橘子平台平台上我和你的问题一样要什么权限,你怎么解决了
- ·神之刃战宠试炼场怎么升70级
- ·变形金刚:重拳出击 第五关 密室逃脱攻略第五关
- ·西普大陆修改器四系忍王绝版了吗
- ·要玩宠物小精灵一定要买任天堂新3dsll的3dsll吗
- ·绝代双骄紫嫣夫人人物介绍
- ·188金宝博被查里面有什么游戏
- ·城堡争霸法老怪物打太慢要什么阵形
- ·给我一个天天炫斗公会战的公会名,要时尚,简单点的
- ·魔兽世界物品掉落霜火岭掉落任务物品
- ·我的汤姆猫怎么刷金币 为什么白扣我150个金币
- ·我的wii模拟器吧按键不管用
- ·三国之刃辅助的装备排列
- ·缚寒冰霜征服者者9989打开只显示download
- ·我给力星期天天的生日。想在班上过。大家能不能帮我想几个游戏,要新奇一点的。不要太老套
- ·植物大战僵尸32黑暗时代17天第三颗星攻略谁有?
