entityMap|blocks|key|88frq|text|事实证明，这与CORS无关--这是安全证书的问题。误导性错误=4小时的头痛。|type|unstyled|depth|inlineStyleRanges|entityRanges|data^0^^$0|$]|1|@$2|3|4|5|6|7|8|C|9|@]|A|@]|B|$]]]]

Turns out this has nothing to do with CORS- it was a problem with the security certificate. Misleading errors = 4 hours of headaches.

entityMap|blocks|key|d9bls|text|只是一句警告。我终于用Firefox和CORS解决了这个问题。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|fg9al|我的解决方案是这篇文章|buu0n|使用正确的响应头在Apache上设置CORS+(跨域资源共享)，允许所有内容通过%7C本杰明·霍恩|dji05|然而，在Apache服务器上设置了这些头文件(在文件夹.htaccess中)之后，火狐的行为非常非常奇怪。|cf1ed|我添加了很多console.log("Hi+FF，you+are+here+A")等，看看是怎么回事。|offset|length|style|CODE|14noo|起初，它看起来像是挂在xhr.send()上。但是后来我发现它并没有到达this语句。我将另一个console.log放在它的前面，但没有到达那里--即使在上一个console.log和新的and之间没有任何东西。它只是在两个console.log之间停止。|f0a4o|重新排序行，删除，看看文件中是否有奇怪的字符。我什么也没找到。|75q6r|重新启动Firefox解决了这个问题。|e0s3h|是的，我应该提交一个bug。只是它太奇怪了，所以不知道怎么重现。|5jg3v|注意:哦，我只做了Header+always+set部分，没有做Rewrite*部分！^0|0|0|0|0|6|Z|0|B|A|1C|B|29|B|35|B|0|0|0|0|9|H|W|8^^$0|$]|1|@$2|3|4|5|6|7|8|Y|9|@]|A|@]|B|$]]|$2|C|4|D|6|7|8|Z|9|@]|A|@]|B|$]]|$2|E|4|F|6|7|8|10|9|@]|A|@]|B|$]]|$2|G|4|H|6|7|8|11|9|@]|A|@]|B|$]]|$2|I|4|J|6|7|8|12|9|@$K|13|L|14|M|N]]|A|@]|B|$]]|$2|O|4|P|6|7|8|15|9|@$K|16|L|17|M|N]|$K|18|L|19|M|N]|$K|1A|L|1B|M|N]|$K|1C|L|1D|M|N]]|A|@]|B|$]]|$2|Q|4|R|6|7|8|1E|9|@]|A|@]|B|$]]|$2|S|4|T|6|7|8|1F|9|@]|A|@]|B|$]]|$2|U|4|V|6|7|8|1G|9|@]|A|@]|B|$]]|$2|W|4|X|6|7|8|1H|9|@$K|1I|L|1J|M|N]|$K|1K|L|1L|M|N]]|A|@]|B|$]]]]

Just a word of warnings. I finally got around the problem with Firefox and CORS.

The solution for me was this post

<a href="http://benjaminhorn.io/code/setting-cors-cross-origin-resource-sharing-on-apache-with-correct-response-headers-allowing-everything-through/" rel="noreferrer">Setting CORS (cross-origin resource sharing) on Apache with correct response headers allowing everything through | Benjamin Horn</a>

However Firefox was behaving really, really strange after setting those headers on the Apache server (in the folder .htaccess).

I added a lot of <code>console.log("Hi FF, you are here A")</code> etc to see what was going on. 

At first it looked like it hanged on <code>xhr.send()</code>. But then I discovered it did not get to the this statement. I placed another <code>console.log</code> right before it and did not get there - even though there was nothing between the last <code>console.log</code> and the new one. It just stopped between two <code>console.log</code>.

Reordering lines, deleting, to see if there was any strange character in the file. I found nothing.

Restarting Firefox fixed the trouble.

Yes, I should file a bug. It is just that it is so strange so don't know how to reproduce it. 

NOTICE: And, oh, I just did the <code>Header always set</code> parts, not the <code>Rewrite*</code> part!

entityMap|blocks|key|5pdt7|text|我发现我的问题是我向其发送了cross请求的服务器有一个不受信任的证书。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|5iful|如果您要使用https连接到跨域，则必须先为该证书添加例外。|offset|length|style|CODE|dtj6h|您可以通过访问被阻止的链接一次并添加异常来完成此操作。^0|0|6|5|0^^$0|$]|1|@$2|3|4|5|6|7|8|K|9|@]|A|@]|B|$]]|$2|C|4|D|6|7|8|L|9|@$E|M|F|N|G|H]]|A|@]|B|$]]|$2|I|4|J|6|7|8|O|9|@]|A|@]|B|$]]]]

I found that my problem was that the server I've sent the cross request to had a certificate that was not trusted. 

If you want to connect to a cross domain with <code>https</code>, you have to add an exception for this certificate first. 

You can do this by visiting the blocked link once and addibng the exception.

entityMap|blocks|key|fkojf|text|这些文件是不言而喻的。做个文件，随便叫什么都行。在我的例子中，jq2.php。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|6l1to|现在我们将包含一个引擎，创建一个文件，给它起任何你喜欢的名字。在我的例子中，它是gs.php。|5cf6a|我已经尝试使示例尽可能简单。因为它会在每次按键时执行链接，所以API的配额将很快被消耗。|8siur|当然，我们可以做的事情是没完没了的，比如把数据放到表中，发送到数据库等等。^0|0|0|0^^$0|$]|1|@$2|3|4|5|6|7|8|I|9|@]|A|@]|B|$]]|$2|C|4|D|6|7|8|J|9|@]|A|@]|B|$]]|$2|E|4|F|6|7|8|K|9|@]|A|@]|B|$]]|$2|G|4|H|6|7|8|L|9|@]|A|@]|B|$]]]]

The files are self explanatory. Make a file, call it anything. In my case jq2.php.

<pre class="lang-html prettyprint-override"><code>&lt;html&gt;
&lt;head&gt;

&lt;script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"&gt;&lt;/script&gt;
&lt;script&gt;
 // document is made ready so that the program starts when we load this page 
 $(document).ready(function(){

 // it tells that any key activity in the "subcat_search" filed will execute the query.
 $("#subcat_search").keyup(function(){

 // we assemble the get link for the direction to our engine "gs.php". 
 var link1 = "http://127.0.0.1/jqm/gs.php?needle=" + $("#subcat_search").val();

 $.ajax({
 url: link1,
 // ajax function is called sending the input string to "gs.php".
 success: function(result){
 // result is stuffed in the label.
 $("#search_val").html(result);
 }
 });
 }) 

 });
&lt;/script&gt;
&lt;/head&gt;

&lt;body&gt;

&lt;!-- the input field for search string --&gt;
&lt;input type="text" id="subcat_search"&gt;
&lt;br&gt;
&lt;!-- the output field for stuffing the output. --&gt;
&lt;label id="search_val"&gt;&lt;/label&gt;

&lt;/body&gt;
&lt;/html&gt;
</code></pre>

Now we will include an engine, make a file, call it anything you like. In my case it is gs.php.

<pre class="lang-php prettyprint-override"><code>$head = "https://maps.googleapis.com/maps/api/place/textsearch/json?query="; //our head
$key = "your key here"; //your key
$hay = $_GET['needle'];

$hay = str_replace(" ", "+", $hay); //replacing the " " with "+" to design it as per the google's requirement 
$kill = $head . $hay . "&amp;key=" . $key; //assembling the string in proper way . 
print file_get_contents($kill);
</code></pre>

I have tried to keep the example as simple as possible. And because it executes the link on every keypress, the quota of your API will be consumed pretty fast.

Of course there is no end to things we can do, like putting the data into a table, sending to database and so on.

entityMap|blocks|key|6moq4|text|只需添加|type|unstyled|depth|inlineStyleRanges|entityRanges|data|ana4a|添加到您尝试连接的网站根目录下的.htaccess文件。|offset|length|style|CODE^0|0|G|9^^$0|$]|1|@$2|3|4|5|6|7|8|I|9|@]|A|@]|B|$]]|$2|C|4|D|6|7|8|J|9|@$E|K|F|L|G|H]]|A|@]|B|$]]]]

Just add 

<pre><code>&lt;IfModule mod_headers.c&gt;
 Header set Access-Control-Allow-Origin "*"
&lt;/IfModule&gt;
</code></pre>

to the <code>.htaccess</code> file in the root of the website you are trying to connect with.

entityMap|blocks|key|82siq|text|2天后我找到了解决方案:(。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|5ql1k|重要提示:在响应凭据请求时，服务器必须指定一个域，并且不能使用通配符。|188ju|cg2g8|https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Requests_with_credentials^0|0|0|0^^$0|$]|1|@$2|3|4|5|6|7|8|H|9|@]|A|@]|B|$]]|$2|C|4|D|6|7|8|I|9|@]|A|@]|B|$]]|$2|E|4|-4|6|7|8|J|9|@]|A|@]|B|$]]|$2|F|4|G|6|7|8|K|9|@]|A|@]|B|$]]]]

I've found solution after 2 days :(.

<blockquote>
 Important note: when responding to a credentialed request, server must
 specify a domain, and cannot use wild carding.
</blockquote>

<a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Requests_with_credentials" rel="noreferrer">https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Requests_with_credentials</a>

entityMap|blocks|key|cj5nl|text|对我来说，结果是我将Access-Control-Allow-Origin响应头设置为一个特定的(正确的)+host.com，但它必须作为+header返回。firefox做了什么？它默默地接受GET请求，并向XHR返回状态0，没有向javascript控制台输出任何警告，而对于其他类似的失败，它至少会说点什么。天啊。|type|unstyled|depth|inlineStyleRanges|offset|length|style|CODE|entityRanges|data^0|A|R|1I|8|1X|2J^^$0|$]|1|@$2|3|4|5|6|7|8|G|9|@$A|H|B|I|C|D]|$A|J|B|K|C|D]|$A|L|B|M|C|D]]|E|@]|F|$]]]]

For me, turns out I was setting <code>Access-Control-Allow-Origin</code> response header to a specific (and the correct) <code>host.com</code> but it had to be returned as <code>http://host.com</code> instead. What does firefox do? It silently swallows the GET request and returns a status 0 to the XHR, with no warnings output to the javascript console, whereas for other similar failures it would at least say something. Ai ai.

entityMap|blocks|key|b4953|text|试试这个，它应该能解决你的问题|type|unstyled|depth|inlineStyleRanges|entityRanges|data|9ake8|在你的config.php中，在你的domain.com中添加www+pre。例如：|r3sj|HTTP定义(‘HTTP_SERVER’，‘带有www/’的http://domain名称)；HTTPS+define('HTTPS_SERVER'，‘带有www/’的http://domain名称)；|5380e|将此代码添加到您的.htaccess文件中|2bdsf|RewriteCond+%25{REQUEST_METHOD}选项RewriteRule+%5E(.*)$+$1+R=200，L^0|0|0|0|0^^$0|$]|1|@$2|3|4|5|6|7|8|K|9|@]|A|@]|B|$]]|$2|C|4|D|6|7|8|L|9|@]|A|@]|B|$]]|$2|E|4|F|6|7|8|M|9|@]|A|@]|B|$]]|$2|G|4|H|6|7|8|N|9|@]|A|@]|B|$]]|$2|I|4|J|6|7|8|O|9|@]|A|@]|B|$]]]]

Try this, it should solve your issue

<ol>
<li>In your config.php, add www pre in your domain.com. For example:

<pre><code>HTTP define('HTTP_SERVER', 'http://domain name with www/');
HTTPS define('HTTPS_SERVER', 'http://domain name with www/');
</code></pre></li>
<li>Add this to your .htaccess file

<pre><code>RewriteCond %{REQUEST_METHOD} OPTIONS RewriteRule ^(.*)$ $1 [R=200,L]
</code></pre></li>
</ol>

entityMap|blocks|key|aevp8|text|对于后续版本，还要检查服务器日志，以查看所请求的资源是否返回200。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|1fbce|我遇到了一个类似的问题，所有正确的头都在飞行前的ajax请求中返回，但浏览器报告实际的请求由于错误的CORS头而被阻塞。|76lnk|原来，被请求的页面由于错误代码而返回500错误，但仅当它是通过CORS获取时才返回。浏览器(+Chrome和Firefox)错误地报告缺少Access-Control-Allow-Origin头，而不是页面返回500。^0|0|0^^$0|$]|1|@$2|3|4|5|6|7|8|G|9|@]|A|@]|B|$]]|$2|C|4|D|6|7|8|H|9|@]|A|@]|B|$]]|$2|E|4|F|6|7|8|I|9|@]|A|@]|B|$]]]]

For posterity, also check server logs to see if the resource being requested is returning a 200.

I ran into a similar issue, where all of the proper headers were being returned in the pre-flight ajax request, but the browser reported the actual request was blocked due to bad CORS headers.

Turns out, the page being requested was returning a 500 error due to bad code, but only when it was fetched via CORS. The browser (both Chrome and Firefox) mistakenly reported that the Access-Control-Allow-Origin header was missing instead of saying the page returned a 500.

entityMap|blocks|key|fugu3|text|要进行调试，请检查服务器日志。Firefox在控制台中返回CORS错误的原因有很多。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|8fpbr|其中一个原因也是uMatrix+(我猜也是NoScript和类似的)插件。^0|0^^$0|$]|1|@$2|3|4|5|6|7|8|E|9|@]|A|@]|B|$]]|$2|C|4|D|6|7|8|F|9|@]|A|@]|B|$]]]]

To debug, check server logs if possible. Firefox returns CORS errors in console for a whole range of reasons.

One of the reasons is also uMatrix (and I guess NoScript and similar too) plugin.

entityMap|blocks|key|4oqa5|text|我遇到了类似的问题，我认为我修复它的方式是有效的注册：|type|unstyled|depth|inlineStyleRanges|entityRanges|data|5mtve|我有一个基本上建立在Symfony+3上的系统，出于自学和性能的目的，我决定使用GoLang编写一些脚本。|57i20|我的Go+API需要Json格式参数，并返回Json格式响应|c6tib|把我正在使用的GoApi称为最多的$.ajax+(+jQuery+)第一个测试是一个骗局：(联合国)著名的“跨域请求被阻止”弹出！然后，我尝试在apache+conf、htaccess、php、javascript和任何我能在google上找到的地方设置"Access-Control-Allow-Origin：*“。|3e1p5|但是，甚至，同样令人沮丧的错误！|a7na8|解决方案很简单:我必须发出"POST“请求而不是"GET”请求。|ejtk7|为了实现这一点，我必须调整GoLang和JavaScript以使用GET！一旦完成，就不会再阻止我的跨域请求了！|f1mbm|希望能有所帮助|dh5u0|PS：|264eb|我正在使用apache和Vhost，在目录块上|4o0ml|请记住："*“表示您将接受任何人的请求！(这可能是缺乏安全性)在我的情况下，它是可以的，因为它将是一个公共API。|2bc67|PS2:我的标题|86sos|响应头部|arl4p|请求标头(469+B)^0|0|0|0|0|0|0|0|0|0|0|0|0|0^^$0|$]|1|@$2|3|4|5|6|7|8|12|9|@]|A|@]|B|$]]|$2|C|4|D|6|7|8|13|9|@]|A|@]|B|$]]|$2|E|4|F|6|7|8|14|9|@]|A|@]|B|$]]|$2|G|4|H|6|7|8|15|9|@]|A|@]|B|$]]|$2|I|4|J|6|7|8|16|9|@]|A|@]|B|$]]|$2|K|4|L|6|7|8|17|9|@]|A|@]|B|$]]|$2|M|4|N|6|7|8|18|9|@]|A|@]|B|$]]|$2|O|4|P|6|7|8|19|9|@]|A|@]|B|$]]|$2|Q|4|R|6|7|8|1A|9|@]|A|@]|B|$]]|$2|S|4|T|6|7|8|1B|9|@]|A|@]|B|$]]|$2|U|4|V|6|7|8|1C|9|@]|A|@]|B|$]]|$2|W|4|X|6|7|8|1D|9|@]|A|@]|B|$]]|$2|Y|4|Z|6|7|8|1E|9|@]|A|@]|B|$]]|$2|10|4|11|6|7|8|1F|9|@]|A|@]|B|$]]]]

I faced similar problem, and I think is valid to be registered how I fixed it:

I have a system built basically over Symfony 3. For self learn and performance purposes I decided to write few scripts using GoLang, also, an API with public access.

My Go API expects Json format params, and also return Json format response 

To call those GoApi's I am using, most, $.ajax ( jQuery )
The first test was a deception: the (un)famous "Cross-Origin Request Blocked" pop up !
Then, I tried to set the "Access-Control-Allow-Origin: *" On apache conf, htaccess, php, javascript and anywhere I could find on google !

But, even, same frustrating error !!!

The Solution was simple :
I had to make "POST" requests instead "GET" .

To achieve that I had to adjust both, GoLang and JavaScript to use GET !
Once it done, no more Cross-Origin Request Blocked for me !!!

Hope it Helps

PS:

I am using apache and Vhost, on Directory Block I have

<pre><code> Header always set Access-Control-Allow-Origin "*"
 Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
</code></pre>

Remember : "*" means that you will accept requests from anyone !!! (Which may be a security lack ) 
In my case it is ok, because it will be an public API 

PS2:
My Headers 

Response headers

<pre><code>Access-Control-Allow-Credentials true
Access-Control-Allow-Headers Authorization
Access-Control-Allow-Methods GET, POST, PUT
Access-Control-Allow-Origin http://localhost
Content-Length 164
Content-Type application/json; charset=UTF-8
Date Tue, 07 May 2019 20:33:52 GMT
</code></pre>

Request headers (469 B) 

<pre><code>Accept application/json, text/javascript, */*; q=0.01
Accept-Encoding gzip, deflate
Accept-Language en-US,en;q=0.5
Connection keep-alive
Content-Length 81
Content-Type application/x-www-form-urlencoded; charset=UTF-8
Host localhost:9003
Origin http://localhost
Referer http://localhost/fibootkt/MY_app_dev.php/MyTest/GoAPI
User-Agent Mozilla/5.0 (Macintosh; Intel …) Gecko/20100101 Firefox/66.0
</code></pre>

entityMap|blocks|key|as321|text|如果你没有“真正的”证书(因此使用的是自签名证书)，你可以在Firefox中访问：|type|unstyled|depth|inlineStyleRanges|entityRanges|data|dl1nk|在这里，填写位置，例如：https://www.myserver:myport|offset|length|style|CODE^0|0|C|R^^$0|$]|1|@$2|3|4|5|6|7|8|I|9|@]|A|@]|B|$]]|$2|C|4|D|6|7|8|J|9|@$E|K|F|L|G|H]]|A|@]|B|$]]]]

If you don't have a 'real' certificate (and thus using a self-signed one), in Firefox you can go to:
<pre><code>Options &gt; Privacy &amp; Security &gt; (scroll to the bottom) View Certificates &gt; Servers &gt; Add Exception...
</code></pre>
There, fill in the location, eg: <code>https://www.myserver:myport</code>

entityMap|blocks|key|5pvro|text|我遇到了这个问题，我发现Firefox中的请求被阻止了，消息如下：|type|unstyled|depth|inlineStyleRanges|entityRanges|data|88li2|原因:+CORS请求未成功|1qumc|arpfr|拔掉头发后，我发现一个新安装的Firefox扩展Privacy+Badger阻止了这些请求。|4upkc|如果你在挠头之后遇到这个问题，试着检查一下你安装了哪些扩展，看看它们中是否有阻止请求的。|fhaeu|详情请查看原因:+MDN上CORS请求未成功。^0|0|0|0|0|0^^$0|$]|1|@$2|3|4|5|6|7|8|L|9|@]|A|@]|B|$]]|$2|C|4|D|6|7|8|M|9|@]|A|@]|B|$]]|$2|E|4|-4|6|7|8|N|9|@]|A|@]|B|$]]|$2|F|4|G|6|7|8|O|9|@]|A|@]|B|$]]|$2|H|4|I|6|7|8|P|9|@]|A|@]|B|$]]|$2|J|4|K|6|7|8|Q|9|@]|A|@]|B|$]]]]

I came across this question having found requests in Firefox were being blocked with the message:

<blockquote>
 Reason: CORS request did not succeed
</blockquote>

After pulling my hair out I found out that a newly installed Firefox extension, Privacy Badger, was blocking the requests.

If you come to this question after scratching your head, try checking to see what extensions you have installed to see if any of them are blocking requests.

See <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSDidNotSucceed" rel="noreferrer">Reason: CORS request did not succeed</a> on MDN for details.

entityMap|blocks|key|5glqu|text|如果上述答案没有帮助，那么检查后端服务器是否启动并运行，就像我的例子一样，服务器崩溃了，这个错误被证明是完全误导性的。|type|unstyled|depth|inlineStyleRanges|entityRanges|data^0^^$0|$]|1|@$2|3|4|5|6|7|8|C|9|@]|A|@]|B|$]]]]

If the aforementioned answers don't help then check whether the backend server is up and running or not as in my case the server crashed and this error turns out to be totally misleading.

entityMap|blocks|key|8htgd|text|在我的情况下，它是我的广告拦截器！由于某种原因，它在我的本地主机上被启用，并在Firefox中导致此错误。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|7u4qc|禁用它或卸载插件应该可以解决这个问题。|ffe4f|在你的例子中，它可能不是一个广告拦截器，而是另一个Firefox插件。首先在没有插件的情况下对其进行测试，以确定这是否是问题所在，然后系统地禁用插件，直到找到罪魁祸首。^0|0|0^^$0|$]|1|@$2|3|4|5|6|7|8|G|9|@]|A|@]|B|$]]|$2|C|4|D|6|7|8|H|9|@]|A|@]|B|$]]|$2|E|4|F|6|7|8|I|9|@]|A|@]|B|$]]]]

In my case it was my ADBLOCKER! For some reason it was enabled on my localhost and causing this error in Firefox.

Disabling it or uninstalling the plugin should fix this.

In your case, it may not be an adblocker but another Firefox plugin. Test it out in incognito first with no plugins to determine if that is the issue and then systematically disable the plugins until you find the culprit.

entityMap|blocks|key|8slpj|text|在我的例子中，CORS错误只发生在带有文件附件而不是小文件的POST请求中。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|7nf6v|在浪费了许多小时后，我们发现使用卡巴斯基Total+Control的用户的请求被阻止了。|a9ekq|其他杀毒软件或防火墙软件也可能导致类似的问题。卡巴斯基对请求进行了一些安全测试，但对拥有SSL+EV证书的网站省略了这些测试，因此获得此类证书应该可以很好地解决这个问题。|a96gs|为您的域名禁用保护有点棘手，因此以下是必需的步骤(从2020年12月起)：设置->网络设置->管理排除->添加->您的域名->保存|91u45|好消息是你可以检测到这类被阻塞的请求。错误为空-它没有状态和响应。这样你就可以假定它被第三方软件屏蔽了，并显示一些信息。^0|0|0|0|0^^$0|$]|1|@$2|3|4|5|6|7|8|K|9|@]|A|@]|B|$]]|$2|C|4|D|6|7|8|L|9|@]|A|@]|B|$]]|$2|E|4|F|6|7|8|M|9|@]|A|@]|B|$]]|$2|G|4|H|6|7|8|N|9|@]|A|@]|B|$]]|$2|I|4|J|6|7|8|O|9|@]|A|@]|B|$]]]]

In my case CORS error was happening only in POST requests with file attachments other than small files.
After many wasted hours we found out request was blocked for users who were using Kaspersky Total Control.
It's possible that other antivirus or firewall software may cause similar problems. Kaspersky run some security tests for requests, but omits them for websites with SSL EV certificate, so obtaining such certificate should resolve this issue properly.
Disabling protection for your domain is a bit tricky, so here are required steps (as for December 2020): Settings -&gt; Network Settings -&gt; Manage exclusions -&gt; Add -&gt; your domain -&gt; Save
The good thing is you can detect such blocked request. The error is empty – it doesn't have status and response. This way you can assume it was blocked by third party software and show some info.

entityMap|blocks|key|55agq|text|当我的请求处理时间超过10秒时，Ubuntu+Firefox出现CORS+failed错误。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|49mmf|与CORS无关。问题出在ubuntu+firefox的配置上。|17h87|我已经将network.notify.changed更新为false，从而修复了此问题。|bhhnn|Mozilla+Bugs参考：|517cu|https://bugzilla.mozilla.org/show_bug.cgi?id=1238377|dk7h4|https://bugzilla.mozilla.org/show_bug.cgi?id=1235509^0|0|0|0|0|0^^$0|$]|1|@$2|3|4|5|6|7|8|M|9|@]|A|@]|B|$]]|$2|C|4|D|6|7|8|N|9|@]|A|@]|B|$]]|$2|E|4|F|6|7|8|O|9|@]|A|@]|B|$]]|$2|G|4|H|6|7|8|P|9|@]|A|@]|B|$]]|$2|I|4|J|6|7|8|Q|9|@]|A|@]|B|$]]|$2|K|4|L|6|7|8|R|9|@]|A|@]|B|$]]]]

Ubuntu Firefox giving CORS failed error when my request took more than 10 seconds to process.
Nothing to do with CORS. Problem is with ubuntu firefox configuration.
I have updated network.notify.changed to false which made this fix.
<hr />
Mozilla Bugs Reference:
<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1238377" rel="nofollow noreferrer">https://bugzilla.mozilla.org/show_bug.cgi?id=1238377</a>
<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1235509" rel="nofollow noreferrer">https://bugzilla.mozilla.org/show_bug.cgi?id=1235509</a>

I'm trying to make a simple cross-origin request, and Firefox is consistently blocking it with this error: 

<blockquote>
 Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at [url]. This can be fixed by moving the resource to the same domain or enabling CORS. [url] 
</blockquote>

It works fine in Chrome and Safari. 

As far as I can tell I've set all the correct headers on my PHP to allow this to work. Here's what my server is responding with 

<pre><code>HTTP/1.1 200 OK
Date: Mon, 23 Jun 2014 17:15:20 GMT
Server: Apache/2.2.22 (Debian)
X-Powered-By: PHP/5.4.4-14+deb7u8
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Content-Type
Access-Control-Request-Headers: X-Requested-With, accept, content-type
Vary: Accept-Encoding
Content-Length: 186
Content-Type: text/html
</code></pre>

I've tried using Angular, jQuery, and a basic XMLHTTPRequest object, like so:

<pre><code>var data = "id=1234"
var request = new XMLHttpRequest({mozSystem: true})
request.onload = onSuccess;
request.open('GET', 'https://myurl.com' + '?' + data, true)
request.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded')
request.send()
</code></pre>

...and it works in every browser except Firefox. Can anyone help with this?

Firefox 'Cross-Origin Request Blocked' despite headers

翻译质量差，导致语言生硬或混乱。

没有提供实际的解决方法或示例。

解答不清晰，无法理解或解决问题。

页面排版不美观，阅读体验差。

文章

问答

视频

学习中心

腾讯云实验室

直播

竞赛

腾讯云代码分析专区

腾讯iOA零信任安全管理系统专区

腾讯云架构师技术同盟交流圈

腾讯云数据库专区

腾讯云顾问专区

腾讯云原生专区

腾讯混元专区

腾讯云TCE专区

腾讯云Lighthouse专区

腾讯云HAI专区

腾讯云Edgeone专区

腾讯云存储专区

腾讯云智能专区

腾讯轻联专区 

腾讯云开发专区

TAPD专区

腾讯轻量云游戏服专区

腾讯云最具价值专家

腾讯云架构师技术同盟

腾讯云创作之星

腾讯云开发者先锋

腾讯云代码助手

云原生构建

TAPD 敏捷项目管理

Cloud Studio

SDK中心

API中心

命令行工具

涵盖代码开发、场景应用、自动测试全流程，助你从零构建专属AI助手

一站式MCP教程库，解锁AI应用新玩法

聚焦“写作效率、视觉美观与运行性能”三方面进行全面升级，为您提供更高效、稳定的创作环境

社区富文本&Markdown编辑器全新改版上线，欢迎大家体验!

 我正在尝试发出一个简单的跨域请求，Firefox一直在阻止它，并显示以下错误： 跨域请求被阻止:同源策略不允许读取url处的远程资源。这可以通过将资源移动到相同的域或启用CORS来解决。url  它在Chrome和Safari上运行良好。 据我所知，我已经在我的PHP上设置了所有正确的头文件来允许它工作。下面是我的服...

问Firefox“跨域请求被阻止”，尽管有标头
EN

Stack Overflow用户

社区

活动

圈层

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问Firefox“跨域请求被阻止”，尽管有标头EN