当URL已经在Access-Control-Allow-Origin标头中时,为什么会出现此错误!?
错误
XMLHttpRequest cannot load http://cdn.localhost/data/voucher/16_ead32751b66fd6c7856b7db0e186574df37a7d08.pdf. Origin http://secure.localhost is not allowed by Access-Control-Allow-Origin.
Refused to get unsafe header "Accept-Ranges"
htaccess(cdn.localhost)
Header add Access-Control-Allow-Origin "http://secure.localhost"
也可以尝试从这篇文章中发送以下标题:
// Specify domains from which requests are allowed
header('Access-Control-Allow-Origin: *');
// Specify which request methods are allowed
header('Access-Control-Allow-Methods: GET, POST, OPTIONS');
// Additional headers which may be sent along with the CORS request
// The X-Requested-With header allows jQuery requests to go through
header('Access-Control-Allow-Headers: X-Requested-With');
// Set the age to 1 day to improve speed/caching.
header('Access-Control-Max-Age: 86400');
Access Control Allow Origin的规范谈到了空格分隔的URL语法。也许第二次出现的头会覆盖客户端中的第一次——尝试在单个头中使用多值版本。