CORS – 难以确定何时何地发生问题

huangapple go评论67阅读模式
英文:

CORS - trouble figuring out where and when

问题

每当我尝试记录时,都会出现以下错误:

>跨源请求被阻止。同源策略禁止读取远程资源http://10.5.50.1/Login。(原因:缺少CORS标头“Access-Control-Allow-Origin”)。

首先,我必须承认我只理解CORS的原则。我对实际操作只有模糊的了解,而我在Mozilla上阅读的文档没有太大帮助。我还阅读了Stack Overflow上的许多帖子,但没有找到我要找的答案。

我想知道CORS标头应该放在哪里(HTML、PHP等)。此外,PHP CORS标头应该如何声明,放在哪里。还有HTML CORS标头应该放在哪里和何时放置。最后,我应该在哪里放置Apache CORS标头。

我尝试了各种选项,但无法使其工作。

路由器/热点托管了一个登录页面,用户输入信息后,会进行两个Ajax请求。第一个用于登录用户(获得互联网访问权限),第二个将一些信息发送到网络外的Apache服务器,其中PHP将一些信息保存到数据库中。

正如我之前提到的,我只对CORS的工作原理有模糊的了解,因此欢迎任何指导、更正等等。

如果您需要任何其他信息,请告诉我。我不知道还要提供什么,也不想在帖子中加入无关的信息。

以下是当前的代码。

PHP

<?php
header('Access-Control-Allow-Origin: *');
header('Content-Type: application/x-www-form-urlencoded, multipart/form-data');
header('Access-Control-Allow-Methods: POST');
$host = "localhost";
$userName = "root";
$password = "";
$dbName = "baza";
// 创建数据库连接
$DB = new mysqli ($host, $userName, $password, $dbName);
// 检查连接
if ($DB->connect_error) {
    die("Connection failed: " . $DB->connect_error);
}
?>

HTML

$(if http-header == "Access-Control-Allow-Origin")http://realhotspot.com$(endif)
$(if http-header == "Access-Control-Allow-Origin")http://10.5.50.1/login$(endif)
$(if http-header == "Access-Control-Allow-Origin")http://10.5.50.1$(endif)
$(if http-header == "Access-Control-Allow-Origin")*$(endif)

这是特定于Mikrotik的,据我了解,必须设置成这样(尽管仍然不起作用)。

Apache

<Directory>
    AllowOverride none
    Require all denied

    # 我添加了这个
    Header set Access-Control-Allow-Origin "*"
</Directory>

# 我在</Directory>之后添加了这个
<httpProtocol>
  <customHeaders>
    <add name="Access-Control-Allow-Origin" value="*" />
    <add name="Access-Control-Allow-Methods" value="POST, GET, OPTIONS"/>
    <add name="Access-Control-Allow-Headers" value="Authorization, Origin, X-Requested-With, Content-Type, Accept"/>
  </customHeaders>
</httpProtocol>

在我添加了Apache代码之后,它停止工作,我收到了以下错误:

>错误:Apache意外关闭。这可能是由于被阻止的端口、缺少依赖项、不正确的权限、崩溃或其他方法关闭引起的。按下“日志”按钮查看错误日志,并在Windows事件查看器中检查更多线索。如果需要更多帮助,请复制并在论坛上发布整个日志窗口。

自然地,在日志中没有任何可以指示问题所在的信息。

谢谢你的帮助。

英文:

I'm making a HotSpot, and every time I try to log it keeps saying:

>Cross-Origin-Request Blocked. The Same Origin Policy disallows reading the remote resource at http://10.5.50.1/Login. (Reason: CORS header 'Access-Control-Allow-Origin' missing).

First of, I must admit that I understand only the principle of CORS. The practical side I understand only vaguely and the documentation I have read on mozilla didn't help much. I have also read many posts here on Stack Overflow but I didn't find the anwser I am looking for.

I would like to know where the CORS headers need to be placed (HTML, PHP etc.). Additionally how and where should the PHP CORS header be stated. Also where and when should a HTML CORS header be placed. And lastly, where should I put the Apache CORS header.

I have tried various options, but just can't make it work.

The router/hotspot is hosting a login page, after a user inputs the information, two ajax posts are made. The 1st logs in the user (he gains internet access), the 2cnd sends some information to the apache server which is outside the network, where php saves some information into the database.

As I mentioned before, I only have a vague ideas how CORS are supposed to work, so any pointers, corrections, etc. are very welcome.

Also if you need any additional information, just say so. I don't know what else to provide and I didn't want to cluster the post with pointless information.

Here's the code as it currently is.

PHP

&lt;?php
header(&#39;Access-Control-Allow-Origin: *&#39;);
header(&#39;Content-Type: application/x-www-form-urlencoded, multipart/form-data&#39;);
header(&#39;Access-Control-Allow-Methods: POST&#39;);
$host = &quot;localhost&quot;;
$userName = &quot;root&quot;;
$password = &quot;&quot;;
$dbName = &quot;baza&quot;;
// Create database connection
$DB = new mysqli ($host, $userName, $password, $dbName);
// Check connection
    if ($DB-&gt;connect_error) {
        die(&quot;Connection failed: &quot; . $DB-&gt;connect_error);
    }
?&gt;

HTML

$(if http-header == &quot;Access-Control-Allow-Origin&quot;)http://realhotspot.com$(endif)
$(if http-header == &quot;Access-Control-Allow-Origin&quot;)http://10.5.50.1/login$(endif)
$(if http-header == &quot;Access-Control-Allow-Origin&quot;)http://10.5.50.1$(endif)
$(if http-header == &quot;Access-Control-Allow-Origin&quot;)*$(endif)

this is specific to Mikrotik, and as far as I understand it must be set this way (still doesn't work though).

Apache

&lt;Directory&gt;
    AllowOverride none
    Require all denied

	#I added this
	Header set Access-Control-Allow-Origin &quot;*&quot;
&lt;/Directory&gt;

#And I added this right after the &lt;/Directory&gt;
&lt;httpProtocol&gt;
  &lt;customHeaders&gt;
    &lt;add name=&quot;Access-Control-Allow-Origin&quot; value=&quot;*&quot; /&gt;
    &lt;add name=&quot;Access-Control-Allow-Methods&quot; value=&quot;POST, GET, OPTIONS&quot;/&gt;
    &lt;add name=&quot;Access-Control-Allow-Headers&quot; value=&quot;Authorization, Origin, X-Requested-With, Content-Type, Accept&quot;/&gt;
  &lt;/customHeaders&gt;
&lt;/httpProtocol&gt;

After I added the Apache code, it stoped working, I got this error:

>Error: Apache shutdown unexpectedly. This may be due to a blocked port, missing dependencies, improper privileges, a crash, or a shutdown by another method. Press the Logs button to view error logs and check the Windows Event Viewer for more clues If you need more help, copy and post this entire log window on the forums.

And naturally there is nothing in the logs which would inicate what's the problem.

Thank you for the help.

答案1

得分: 0

所以在我做了更多的调查之后,我发现我已经为Mikrotik Hotspot设置了一个DNS名称(这是在设置热点时的一个选项之一)。实际上,AJAX调用是发送到该网站/DNS,但我并不拥有它。

从热点设置中删除DNS名称后,我不再收到该消息。

希望这对未来的某人有所帮助。
祝愉快!

英文:

So after I have done some more digging, I have found out that I have set up a DNS name for Mikrotik Hotspot (which is one of the options when setting up hotspot). The AJAX calls were actually made to that website/DNS , which I do not own.

After removing the DNS name from the Hotspot setting, I don't get the message any more.

Hope this helps someone in the future.
Enjoy

huangapple
  • 本文由 发表于 2020年1月6日 21:24:59
  • 转载请务必保留本文链接:https://go.coder-hub.com/59612949.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定