Mailchimp authentication showing Access-Control-Allow-Origin
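While integrating with Mailchimp, I authenticate, and after getting the access_token I also send a GET request to fetch the metadata, and I run into a problem.
After syncing the username and password, I get the access_token, and I get an error on this code: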
var AccessToken = '<?php //echo $_GET['access_token']; ?>';
jQuery.ajax( {
    url: "https://login.mailchimp.com/oauth2/metadata",
    type: 'GET',
    beforeSend : function( xhr ) {
        xhr.setRequestHeader( 'Authorization', 'OAuth ' + AccessToken );
    },
    success: function( response ) {
        console.log(response);
    },
    error : function(error) {
        console.log(error);
    }
} );
I also tried it from curl as:
public function list()
{
    $url = 'https://login.mailchimp.com/oauth2/token';
    $data = [
        'grant_type' => 'authorization_code',
        'client_id' => 345555555555555555555555,
        'client_secret' => '4b0xxxxxxxxxxxxxxxxxxxxx5406a7d',
        'redirect_uri' => 'http://127.0.0.1:8000/success',
        'code' => $_GET['code']
    ];
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    $response = curl_exec($ch);
    $err = curl_error($ch); // if you need
    curl_close($ch);
    return $response;
}
Access to XMLHttpRequest at 'https://login.mailchimp.com/oauth2/metadata' from origin 'http://127.0.0.1:8000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Cross-Origin Read Blocking (CORB) blocked cross-origin response https://login.mailchimp.com/oauth2/metadata with MIME type application/json. See https://www.chromestatus.com/feature/5629709824032768 for more details.
send @ jquery.min.js:2
ajax @ jquery.min.js:2
(anonymous) @ list:74
The error in your request points to CORB:
Cross-origin read blocking, better known as CORB, is an algorithm by
which dubious cross-origin resource fetches are identified and blocked
before they reach a web page. CORB reduces the risk of leaking
sensitive data by keeping it further from cross-origin web pages. In
most browsers, it keeps such data out of untrusted script execution
contexts. In browsers with Site Isolation, it can keep such data out
of untrusted renderer processes entirely, helping even against side
channel attacks.
Since you are making the request from localhost, it is considered a dubious origin and is therefore blocked.
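The preflight check named in the console error above, modelled as an added example (not part of the original posts, and not browser or Mailchimp code). The function names `corsCheck` and `unsafeHeaders` are hypothetical, the token is a placeholder, and the response headers are constructed to match the error message.

```javascript
// Simplified model of the browser's CORS checks (Fetch standard).
const SAFE_METHODS = new Set(['GET', 'HEAD', 'POST']);
const SAFE_HEADERS = new Set(['accept', 'accept-language', 'content-language']);
const SAFE_TYPES = new Set(['application/x-www-form-urlencoded',
  'multipart/form-data', 'text/plain']);

// Lower-cased names of the request headers that force a preflight.
function unsafeHeaders(headers) {
  return Object.entries(headers).filter(([name, value]) => {
    const n = name.toLowerCase();
    if (SAFE_HEADERS.has(n)) return false;
    if (n !== 'content-type') return true; // e.g. Authorization
    return !SAFE_TYPES.has(String(value).split(';')[0].trim().toLowerCase());
  }).map(([name]) => name.toLowerCase());
}
const tokens = (v) => (v || '').split(',').map((s) => s.trim().toLowerCase()).filter(Boolean);

// req: { origin, method, headers }. res: { status, headers } returned to the
// OPTIONS preflight (lower-cased names); when no preflight is needed the same
// headers stand in for the actual response.
function corsCheck(req, res) {
  const unsafe = unsafeHeaders(req.headers);
  const preflight = !SAFE_METHODS.has(req.method) || unsafe.length > 0;
  const block = (reason) => ({ preflight, allowed: false, reason });
  const acao = res.headers['access-control-allow-origin'];
  if (!acao) return block("No 'Access-Control-Allow-Origin' header is present");
  if (acao !== '*' && acao !== req.origin) return block('origin not allowed');
  if (preflight) {
    if (res.status < 200 || res.status > 299) return block('preflight status not ok');
    const allowed = tokens(res.headers['access-control-allow-headers']);
    for (const h of unsafe) {
      // "*" does not cover Authorization; it must be listed by name.
      const ok = allowed.includes(h) || (allowed.includes('*') && h !== 'authorization');
      if (!ok) return block(`header ${h} not allowed by preflight`);
    }
    const methods = tokens(res.headers['access-control-allow-methods']);
    if (!SAFE_METHODS.has(req.method) && !methods.includes('*')
        && !methods.includes(req.method.toLowerCase())) return block('method not allowed');
  }
  return { preflight, allowed: true, reason: 'ok' };
}

// The request from the question; the token value is a placeholder.
const pageRequest = { origin: 'http://127.0.0.1:8000', method: 'GET',
  headers: { Authorization: 'OAuth <access_token>' } };
// Constructed response matching the console error: JSON body, no CORS headers.
const noCors = { status: 200, headers: { 'content-type': 'application/json' } };
console.log(corsCheck(pageRequest, noCors));
```

This check is enforced only by browsers; a server-side request such as the curl call in the question is not subject to it.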