如何解决飞行前响应TinyMCE图像上载的CORS 500错误
我正在使用TinyMCE并尝试上传图片。我的HTML页面由Django提供。请在下面查看我的图片上传处理程序(由TinyMCE提供)
images_upload_handler: function (blobInfo,success,failure,progress) {
var xhr,formData;
xhr = new XMLHttpRequest();
//xhr.withCredentials = true;
xhr.open('POST','http://localhost/tiny_upload.php');
xhr.setRequestHeader('x-requested-with','XMLHttpRequest')
xhr.upload.onprogress = function (e) {
progress(e.loaded / e.total * 100);
};
xhr.onload = function () {
var json;
if (xhr.status < 200 || xhr.status >= 300) {
failure('HTTP Error: ' + xhr.status);
return;
}
json = JSON.parse(xhr.responseText);
if (!json || typeof json.location != 'string') {
failure('Invalid JSON: ' + xhr.responseText);
return;
}
success(json.location);
};
xhr.onerror = function () {
failure('Image upload failed due to a XHR Transport error. Code: ' + xhr.status +
' Message:' + xhr.responseText);
};
formData = new FormData();
formData.append('file',blobInfo.blob(),blobInfo.filename());
xhr.send(formData);
}
我的上传器php在下面
<?php
error_reporting(E_ERROR | E_WARNING | E_PARSE);
header('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']);
/***************************************************
* Only these origins are allowed to upload images *
***************************************************/
$accepted_origins = array("http://localhost","http://192.168.1.1","http://127.0.0.1:8000","http://127.0.0.1");
/*********************************************
* Change this line to set the upload folder *
*********************************************/
$imageFolder = "images/";
reset($_FILES);
$temp = current($_FILES);
header('CUS_MSG: hello');
if (is_uploaded_file($temp['tmp_name'])) {
header('CUS_MSG1: hello');
if (isset($_SERVER['HTTP_ORIGIN'])) {
// same-origin requests won't set an origin. If the origin is set,it must be valid.
if (in_array($_SERVER['HTTP_ORIGIN'],$accepted_origins)) {
header('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']);
} else {
header("HTTP/1.1 403 Origin Denied");
return;
}
}
/*
If your script needs to receive cookies,set images_upload_credentials : true in
the configuration and enable the following two headers.
*/
// header('Access-Control-Allow-Credentials: true');
// header('P3P: CP="There is no P3P policy."');
// Sanitize input
if (preg_match("/([^\w\s\d\-_~,;:\[\]\(\).])|([\.]{2,})/",$temp['name'])) {
header("HTTP/1.1 400 Invalid file name.");
return;
}
// Verify extension
if (!in_array(strtolower(pathinfo($temp['name'],PATHINFO_EXTENSION)),array("gif","jpg","png"))) {
header("HTTP/1.1 400 Invalid extension.");
return;
}
// Accept upload if there was no origin,or if it is an accepted origin
$filetowrite = $imageFolder . $temp['name'];
move_uploaded_file($temp['tmp_name'],$filetowrite);
// Respond to the successful upload with JSON.
// Use a location key to specify the path to the saved image resource.
// { location : '/your/uploaded/image/file'}
echo json_encode(array('location' => $filetowrite));
} else {
// Notify editor that the upload failed
header("HTTP/1.1 500 Server Error");
}
?>
这里的问题是PreFlight请求始终失败,并显示500 Error。但是,当我在带有--disable-web-security
标志的Chrome中运行相同的代码时,我没有得到这个
Chrome控制台上的错误
从以下位置访问“ http://localhost/tiny_upload.php”处的XMLHttpRequest 原点“ http://127.0.0.1:8000”已被CORS政策阻止: 对预检请求的响应未通过访问控制检查: 没有HTTP正常状态。
请帮助解决此问题。这种情况发生在本地WAMP服务器以及Centos计算机上的Apache服务器中
解决方法
感谢@Evgeniy在评论中的回复。
我将php文件的内容更改为以下
<NSProgress: 0x280cd1720> : Parent: 0x0 (portion: 0) / Fraction completed: 0.0000 / Completed: 0 of 1
并从JS文件中删除了<?php
error_reporting(E_ERROR | E_WARNING | E_PARSE);
/***************************************************
* Only these origins are allowed to upload images *
***************************************************/
$accepted_origins = array("http://localhost","http://192.168.1.1","http://127.0.0.1:8000","http://127.0.0.1");
/*********************************************
* Change this line to set the upload folder *
*********************************************/
$method = $_SERVER['REQUEST_METHOD'];
if ($method == 'OPTIONS') {
if (isset($_SERVER['HTTP_ORIGIN'])) {
if (in_array($_SERVER['HTTP_ORIGIN'],$accepted_origins)) {
header('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']);
header("HTTP/1.1 200 OK");
return;
} else {
header("HTTP/1.1 403 Origin Denied");
return;
}
}
} elseif ($method == 'POST') {
$imageFolder = "images/";
reset($_FILES);
$temp = current($_FILES);
if (is_uploaded_file($temp['tmp_name'])) {
header('CUS_MSG1: hello');
if (isset($_SERVER['HTTP_ORIGIN'])) {
// same-origin requests won't set an origin. If the origin is set,it must be valid.
if (in_array($_SERVER['HTTP_ORIGIN'],$accepted_origins)) {
header('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']);
} else {
header("HTTP/1.1 403 Origin Denied");
return;
}
}
/*
If your script needs to receive cookies,set images_upload_credentials : true in
the configuration and enable the following two headers.
*/
// header('Access-Control-Allow-Credentials: true');
// header('P3P: CP="There is no P3P policy."');
// Sanitize input
if (preg_match("/([^\w\s\d\-_~,;:\[\]\(\).])|([\.]{2,})/",$temp['name'])) {
header("HTTP/1.1 400 Invalid file name.");
return;
}
// Verify extension
if (!in_array(strtolower(pathinfo($temp['name'],PATHINFO_EXTENSION)),array("gif","jpg","png"))) {
header("HTTP/1.1 400 Invalid extension.");
return;
}
// Accept upload if there was no origin,or if it is an accepted origin
$filetowrite = $imageFolder . $temp['name'];
move_uploaded_file($temp['tmp_name'],$filetowrite);
// Respond to the successful upload with JSON.
// Use a location key to specify the path to the saved image resource.
// { location : '/your/uploaded/image/file'}
echo json_encode(array('location' => 'http://' . $_SERVER['SERVER_NAME'] . '/' . $filetowrite));
} else {
// Notify editor that the upload failed
header("HTTP/1.1 500 Server Error");
}
} else {
// Notify editor that the upload failed
header("HTTP/1.1 500 Server Error");
}
?>
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。