Reason: CORS header 'Access-Control-Allow-Origin' missing
çç±
Reason: CORS header 'Access-Control-Allow-Origin' missing
ã¨ã©ã¼ã®åå
CORS ãªã¯ã¨ã¹ãã¸ã®ã¬ã¹ãã³ã¹ãããªã½ã¼ã¹ãç¾å¨ã®ãªãªã¸ã³å
ã§æä½ãã¦ããã³ã³ãã³ãã«ãã£ã¦ã¢ã¯ã»ã¹ã§ãããã©ãããå¤æããããã«ä½¿ããããå¿
é ã® Access-Control-Allow-Origin ãããã¼ãæ¬ ãã¦ãã¾ãã
ãµã¼ãã¼ãèªåã§å¶å¾¡ã§ããå ´åã¯ããªã¯ã¨ã¹ããã¦ãããµã¤ãã®ãªãªã¸ã³ã Access-Control-Allow-Origin ãããã¼ã®å¤ã«è¿½å ãã¦ãã¢ã¯ã»ã¹ã許å¯ããã¦ãããã¡ã¤ã³ã®ä¸è¦§ã«è¿½å ãã¦ãã ããã
ä¾ãã°ãhttps://example.com ã®ãµã¤ãã CORS ã使ç¨ãããªã½ã¼ã¹ã«ã¢ã¯ã»ã¹ã§ãããã許å¯ããããã«ã¯ããããã¼ã以ä¸ã®ããã«ãã¦ãã ããã
Access-Control-Allow-Origin: https://example.com
* ã¯ã¤ã«ãã«ã¼ãã使ç¨ãããã¨ã§ããããããµã¤ãã«ã¢ã¯ã»ã¹ã許å¯ãããããµã¤ããæ§æãããã¨ãã§ãã¾ããããã¯å
¬é API ã«ã®ã¿ä½¿ç¨ãã¦ãã ãããéå
¬éã® API ã«ã¯ * ã使ç¨ããã¹ãã§ã¯ãªãã代ããã«å
·ä½çãªãã¡ã¤ã³ããã¡ã¤ã³ã®ä¸è¦§ãè¨å®ãã¦ãã ãããå ãã¦ãã¯ã¤ã«ãã«ã¼ã㯠crossorigin å±æ§ã anonymous ã«è¨å®ããããªã¯ã¨ã¹ãã«ã®ã¿åä½ãããªã¯ã¨ã¹ãã§ã¯ Cookie ã®ãããªè³æ ¼æ
å ±ã®éä¿¡ãæå¶ãã¾ãã
Access-Control-Allow-Origin: *
è¦å: ã¯ã¤ã«ãã«ã¼ãã使ç¨ãã¦ãéå ¬éã® API ã¸ã®ã¢ã¯ã»ã¹ããã¹ã¦ã®ãµã¤ãã«è¨±å¯ãããã¨ã¯ãæªãèãã§ãã
ä½ããã®ãµã¤ãã CORS ãªã¯ã¨ã¹ãã * ã¯ã¤ã«ãã«ã¼ãã使ç¨ãããã¨ãªã (ãã¨ãã°è³æ ¼æ
å ±ãæå¹ã«ããå ´å) å©ç¨ã§ããããã«ããã«ã¯ããµã¼ãã¼ã«ãªã¯ã¨ã¹ãã® Origin ãããã¼ã®å¤ãèªã¿åãããã®å¤ã Access-Control-Allow-Origin ã«è¨å®ãããã¨ã«å ãã¦ãä¸é¨ã®ãããã¼ããªãªã¸ã³ã«å¿ãã¦åçã«è¨å®ããããã¨ã示ãããã« Vary: Origin ãããã¼ãè¨å®ããå¿
è¦ãããã¾ãã
ä¸è¬çãªã¦ã§ããµã¼ãã¼ã§ã®ä¾
ã¦ã§ããµã¼ãã¼ã«ãã£ã¦ããããã¼ãè¨å®ããããã®æ£ç¢ºãªãã£ã¬ã¯ãã£ãã¯ç°ãªãã¾ãã
ä¸è¨ã®ä¾ã§ã¯ã
Apacheï¼ããã¥ã¡ã³ãã¯ãã¡ãï¼ã§ã¯ããµã¼ãã¼æ§æï¼é©å㪠<Directory>, <Location>, <Files>, <VirtualHost> ç¯å
ï¼ã«ä»¥ä¸ã®è¡ã追å ãã¾ããæ§æã¯é常ã.conf ãã¡ã¤ã«ï¼ä¸è¬çãªåå㯠httpd.conf ã apache.conf ã§ãï¼ã¾ã㯠.htaccess ãã¡ã¤ã«ã«ããã¾ãã
Header set Access-Control-Allow-Origin 'https://example.com'
Nginxï¼ããã¥ã¡ã³ãã¯ãã¡ãï¼ã§ã¯ããã®ãããã¼ãã»ããã¢ããããã³ãã³ãã¯æ¬¡ã®éãã§ãã
add_header 'Access-Control-Allow-Origin' 'https://example.com' always;
é¢é£æ å ±
- CORS ã®ã¨ã©ã¼
- ç¨èªé: CORS
- CORS å ¥é