Firebug报错：已阻止交叉源请求：同源策略不允许读取XXX上的远程资源。可以将资源移动到相同的域名上或者启用 CORS 来解决这个问题

程序员文章站 2022-03-17 16:16:57

...

1. 如果可以使用get请求的话，可以使用jsonp。十分简单的方法。

2. 如果要使用post请求域名不相同的资源的话，可以用cors跨域。

以下两项缺一不可：
1）在被请求的项目根目录（root下）下放以下文件
crossdomain.xml

    <?xml version="1.0"?>  
    <!DOCTYPE cross-domain-policy SYSTEM "./cross-domain-policy.dtd">  
    <cross-domain-policy> <site-control permitted-cross-domain-policies="all" />  
        <allow-access-from domain="*" />  
        <allow-http-request-headers-from domain="*" headers="*"/>  
    </cross-domain-policy>

cross-domain-policy.dtd


    <?xml version="1.0" encoding="ISO-8859-1"?>  
    <!-- Adobe DTD for cross-domain policy files -->  
    <!-- Copyright (c) 2008-2009, Adobe Systems Inc. -->  
      
    <!ELEMENT cross-domain-policy (site-control?,allow-access-from*,allow-http-request-headers-from*,allow-access-from-identity*)>  
      
    <!ELEMENT site-control EMPTY>  
    <!ATTLIST site-control permitted-cross-domain-policies (all|by-content-type|by-ftp-filename|master-only|none) #REQUIRED>  
      
    <!ELEMENT allow-access-from EMPTY>  
    <!ATTLIST allow-access-from domain CDATA #REQUIRED>  
    <!ATTLIST allow-access-from to-ports CDATA #IMPLIED>  
    <!ATTLIST allow-access-from secure (true|false) "true">  
      
    <!ELEMENT allow-http-request-headers-from EMPTY>  
    <!ATTLIST allow-http-request-headers-from domain CDATA #REQUIRED>  
    <!ATTLIST allow-http-request-headers-from headers CDATA #REQUIRED>  
    <!ATTLIST allow-http-request-headers-from secure (true|false) "true">  
      
    <!ELEMENT allow-access-from-identity (signatory)>  
      
    <!ELEMENT signatory (certificate)>  
      
    <!ELEMENT certificate EMPTY>  
    <!ATTLIST certificate fingerprint CDATA #REQUIRED>  
    <!ATTLIST certificate fingerprint-algorithm CDATA #REQUIRED>  
      
    <!-- End of file. -->

测试从http://domain.com/crossdomain.xml可访问到这两个xml。

2.）被请求的目标在返回时需加Responseheader Access-Control-Allow-Origin
不推荐

header("Access-Control-Allow-Origin: *");