为了账号安全,请及时绑定邮箱和手机立即绑定

预检响应 TinyMCE 图像上传时出现 CORS 500 错误

预检响应 TinyMCE 图像上传时出现 CORS 500 错误

白猪掌柜的 2023-01-06 11:27:34

我正在使用 TinyMCE 并尝试上传图像。我的 HTML 页面由 Django 提供服务。请看下面我的图片上传处理程序(由 TinyMCE 提供)


images_upload_handler: function (blobInfo, success, failure, progress) {

            var xhr, formData;


            xhr = new XMLHttpRequest();

            //xhr.withCredentials = true;

            xhr.open('POST', 'http://localhost/tiny_upload.php');

            xhr.setRequestHeader('x-requested-with', 'XMLHttpRequest')

            xhr.upload.onprogress = function (e) {

                progress(e.loaded / e.total * 100);

            };


            xhr.onload = function () {

                var json;


                if (xhr.status < 200 || xhr.status >= 300) {

                    failure('HTTP Error: ' + xhr.status);

                    return;

                }


                json = JSON.parse(xhr.responseText);


                if (!json || typeof json.location != 'string') {

                    failure('Invalid JSON: ' + xhr.responseText);

                    return;

                }


                success(json.location);

            };


            xhr.onerror = function () {

                failure('Image upload failed due to a XHR Transport error. Code: ' + xhr.status +

                    ' Message:' + xhr.responseText);

            };


            formData = new FormData();

            formData.append('file', blobInfo.blob(), blobInfo.filename());

            xhr.send(formData);

        }


查看完整描述

1 回答

?
MM们

TA贡献1622条经验 获得超2个赞

我将 php 文件内容更改为以下内容


<?php

error_reporting(E_ERROR | E_WARNING | E_PARSE);

/***************************************************

 * Only these origins are allowed to upload images *

 ***************************************************/

$accepted_origins = array("http://localhost", "http://192.168.1.1", "http://127.0.0.1:8000", "http://127.0.0.1");


/*********************************************

 * Change this line to set the upload folder *

 *********************************************/


$method = $_SERVER['REQUEST_METHOD'];

if ($method == 'OPTIONS') {

    if (isset($_SERVER['HTTP_ORIGIN'])) {

        if (in_array($_SERVER['HTTP_ORIGIN'], $accepted_origins)) {

            header('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']);

            header("HTTP/1.1 200 OK");

            return;

        } else {

            header("HTTP/1.1 403 Origin Denied");

            return;

        }

    }

} elseif ($method == 'POST') {

    $imageFolder = "images/";

    reset($_FILES);

    $temp = current($_FILES);

    if (is_uploaded_file($temp['tmp_name'])) {

        header('CUS_MSG1: hello');

        if (isset($_SERVER['HTTP_ORIGIN'])) {

            // same-origin requests won't set an origin. If the origin is set, it must be valid.

            if (in_array($_SERVER['HTTP_ORIGIN'], $accepted_origins)) {

                header('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']);

            } else {

                header("HTTP/1.1 403 Origin Denied");

                return;

            }

        }


        /*

    If your script needs to receive cookies, set images_upload_credentials : true in

    the configuration and enable the following two headers.

     */

        // header('Access-Control-Allow-Credentials: true');

        // header('P3P: CP="There is no P3P policy."');


        // Sanitize input

        if (preg_match("/([^\w\s\d\-_~,;:\[\]\(\).])|([\.]{2,})/", $temp['name'])) {

            header("HTTP/1.1 400 Invalid file name.");

            return;

        }


        // Verify extension

        if (!in_array(strtolower(pathinfo($temp['name'], PATHINFO_EXTENSION)), array("gif", "jpg", "png"))) {

            header("HTTP/1.1 400 Invalid extension.");

            return;

        }


        // Accept upload if there was no origin, or if it is an accepted origin

        $filetowrite = $imageFolder . $temp['name'];

        move_uploaded_file($temp['tmp_name'], $filetowrite);


        // Respond to the successful upload with JSON.

        // Use a location key to specify the path to the saved image resource.

        // { location : '/your/uploaded/image/file'}

        echo json_encode(array('location' => 'http://' . $_SERVER['SERVER_NAME'] . '/' . $filetowrite));

    } else {

        // Notify editor that the upload failed

        header("HTTP/1.1 500 Server Error");

    }

} else {

    // Notify editor that the upload failed

    header("HTTP/1.1 500 Server Error");

}

?>

并xhr.setRequestHeader('x-requested-with', 'XMLHttpRequest')从 JS 文件中删除


查看完整回答
反对 回复 2023-01-06
  • 1 回答
  • 0 关注
  • 13 浏览
慕课专栏
更多

添加回答

举报

0/150
提交
取消
意见反馈 帮助中心 APP下载
官方微信