Same origin policy

Chrome: Origin null is not allowed by Access-Control-Allow-Origin 的问题

发送 http request 时遇到 error: Origin null is not allowed by Access-Control-Allow-Origin。错误是由于 chrome 出于安全考虑禁止直接访问本地文件。

Origin null is the local file system, so that suggests that you're loading the HTML page that does the load call via a file:/// URL (e.g., just double-clicking it in a local file browser or similar). Different browsers take different approaches to applying the Same Origin Policy to local files.

My guess is that you're seeing this using Chrome. Chrome's rules for applying the SOP to local files are very tight, it disallows even loading files from the same directory as the document. So does Opera. Some other browsers, such as Firefox, allow limited access to local files. But basically, using ajax with local resources isn't going to work cross-browser.

If you're just testing something locally that you'll really be deploying to the web, rather than use local files, install a simple web server and test via http:// URLs instead. That gives you a much more accurate security picture.

Origin null 是本地文件系统，这个错误说明你通过 file:// URL 加载 html page（例如，在一个本地浏览器文件上双击以打开它）。不同的浏览器采取不同的策略来处理本地文件。

解决方法是安装一个简易的 web server 然后通过 http:// URLs 来测试。

原文：http://stackoverflow.com/questions/8456538/origin-null-is-not-allowed-by-access-control-allow-origin

        http://stackoverflow.com/questions/5224017/origin-null-is-not-allowed-by-access-control-allow-origin-in-chrome-why

另外，Firefox 对此更为宽容。如指定 Chrome，也可以在启动时加上：--allow-file-access-from-files 参数。

 

在使用 local file 请求 XMLHttprequest 时，出现 readyState = 4 而 status = 0 response不成功的情况，此时 response 成功，包的内容也正确。

解答：http://stackoverflow.com/questions/5005960/xmlhttprequest-status-0-responsetext-is-empty

还是浏览器对 same origin policy 要求导致。