Cross-domain calling json problem
In my spare time, I made a blog site. After the site released the network, the program function was completed. Finally, I found a cross-domain problem. For example, I used abc.com to open the system. I tried again using www.abc.com, and found that some font files or references to external css files failed to request
Font from origin 'http://lovefeel.top' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://www.lovefeel.top' is therefore not allowed access.
Browser debugging errors are as follows:
Solutions under IIS
# 在IIS添加如下标头即可
Access-Control-Allow-Headers:Content-Type, api_key, Authorization
Access-Control-Allow-Origin:*
Open IIS, find the "HTTP response header" and click in,
You can see the addition on the right, and then add the following header
It is recommended to write both rules at the same time, and some netizens only write Access-Control-Allow-Origin: * It is solved, the file request is normal.
Nginx server
Add the address allowed by Access-Control-Allow-Origin through the Nginx module HttpHeadersModule.
Modify nginx.conf in the Nginx conf directory, add the following code
location ~* \.(eot|ttf|woff|svg|otf)$ {
add_header Access-Control-Allow-Origin *;
}
// eot|ttf|woff|svg|otf,表示请求后缀类型,也可以直接写如下代码
location / {
add_header Access-Control-Allow-Origin *;
}
Apache server
If the server is Apache, you can configure it as follows:
<IfModule mod_setenvif.c>
<IfModule mod_headers.c>
<FilesMatch "\.(cur|gif|ico|jpe?g|png|svgz?|webp)$">
SetEnvIf Origin ":" IS_CORS
Header set Access-Control-Allow-Origin "*" env=IS_CORS
</FilesMatch>
</IfModule>
</IfModule>
References: http://www.bubuko.com/infodetail-1022595.html
http://www.mamicode.com/info-detail-470472.html
Apache official documentation: http://tomcat.apache.org/tomcat-7.0-doc/config/filter.html#CORS_Filter
In addition, there are some cross-domain security issues, etc., please refer to Daniel ’s article for details
Ajax Cross-Domain, Json Cross-Domain, Socket Cross-Domain, and Canvas Cross-Domain, etc. Same Origin Policy Restrictions : http://blog.csdn.net/freshlover/article/details/44223467