access-control-allow-headers:*被忽略 [英] access-control-allow-headers: * is being ignored
问题描述
尽管OPTIONS为Allow-Header返回 * ,但我得到了以下CORS响应。
Although the OPTIONS returns * for Allow-Headers I'm getting the following CORS response.
从源地址
'https://example2.net'<< c $ c>'https://example1.com'访问XMLHttpRequest / code>已被CORS政策阻止:飞行前响应中Access-Control-Allow-Headers不允许使用请求标头字段x-requested-with。
Access to XMLHttpRequest at
'https://example1.com'from origin'https://example2.net'has been blocked by CORS policy: Request header field x-requested-with is not allowed by Access-Control-Allow-Headers in preflight response.
OPTION请求看起来像这样:
While the OPTION request looks like this:
Request Method: OPTIONS
Status Code: 204
请求标头:
Access-Control-Request-Headers: x-requested-with
Access-Control-Request-Method: POST
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36
响应标头:
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: GET,POST
access-control-max-age: 86400
content-length: 0
content-type: text/plain charset=UTF-8
date: Wed, 12 Jun 2019 05:03:06 GMT
status: 204
推荐答案
我在Firefox和IE中也遇到了同样的问题,但在chrome中却没有。代替设置access-control-allow-headers:*添加逗号分隔的允许的标题列表,例如 Authorization,Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method ,Access-Control-Request-Headers 通过过滤器对我有用
I was facing the same issue with Firefox and IE but not in chrome. Instead of setting the access-control-allow-headers: * add a comma separated list of the headers allowed like this Authorization,Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers it worked for me through a filter
这篇关于access-control-allow-headers:*被忽略的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
