Google Chrome：当凭据标志为true时，不能在'Access-Control-Allow-Origin'标头中使用通配符'*' [英] Google Chrome: A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true

问题描述

我知道这是常见的事情，使用早期版本的chrome我用来设置C：\Program Files（x86）\Google \ Chrome \ Application \ chrome.exe--args - 在chrome快捷方式选项卡中禁用-web-security --user-data-dir以避免Access-Control-Allow-Origin错误。使用最新版本，似乎此修复程序不再起作用。安装最新版本53.0.2785.89 m后，这是控制台中的错误

I know this is something usual, With the earlier versions of chrome I used to set "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --args --disable-web-security --user-data-dir in chrome shortcut tab to avoid 'Access-Control-Allow-Origin' errors. With the latest version, it seems like this fix is not working anymore. After installing the latest version 53.0.2785.89 m this is the error in console

XMLHttpRequest无法加载 https://example.org:15003/apps/services/preview/rr/common/1.0/default/index.html 。对预检请求的响应未通过访问控制检查：当凭证标志为真时，不能在Access-Control-Allow-Origin标头中使用通配符*。因此，不允许访问 http：// ibm-pb7en65：10080 。 XMLHttpRequest的凭据模式由withCredentials属性控制。

XMLHttpRequest cannot load https://example.org:15003/apps/services/preview/rr/common/1.0/default/index.html. Response to preflight request doesn't pass access control check: A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true. Origin 'http://ibm-pb7en65:10080' is therefore not allowed access. The credentials mode of an XMLHttpRequest is controlled by the withCredentials attribute.

我不确定要添加哪些附加属性以避免Access-Control-Allow-Origin错误。有什么办法可以实现吗？

I am not sure which additional attributes are to be added to avoid 'Access-Control-Allow-Origin' error.Is there any way this can be achieved?

推荐答案

错误告诉你服务器发回了这个响应头：

The error is telling you that the server sent back this response header:

Access-Control-Allow-Origin: *

...在凭证请求上。这不起作用。在具有凭据的请求中，服务器必须返回特定的 Access-Control-Allow-Origin 标头。

...on a credentialed request. That doesn't work. On a request with credentials, the server must return a specific Access-Control-Allow-Origin header.

由于你是从 http：// ibm-pb7en65：10080 / 发出请求，你的服务器必须发回这个标题：

Since you're making the request from http://ibm-pb7en65:10080/, your server must send back this header:

Access-Control-Allow-Origin: http://ibm-pb7en65:10080

它不能使用通配符 * 。

解决方案是：

• 更新服务器以执行此操作，或


• 从请求中删除凭据

详情一如既往地在规范中。

这篇关于Google Chrome：当凭据标志为true时，不能在'Access-Control-Allow-Origin'标头中使用通配符'*'的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！