Access-Control-Allow-Origin:“*”在凭据标志为真时不允许,但没有Access-Control-Allow-Credentials头 [英] Access-Control-Allow-Origin: "*" not allowed when credentials flag is true, but there is no Access-Control-Allow-Credentials header
问题描述
突然,似乎没有更改我的网络应用程序的任何东西,我开始得到CORS错误,当它在Chrome中打开。我试图添加一个 Access-Control-Allow-Origin:*
头。然后我得到这个错误:
Suddenly, seemingly without changing anything in my web app, I started getting CORS errors when opening it in Chrome. I tried adding an Access-Control-Allow-Origin: *
header. Then I get this error:
XMLHttpRequest不能加载http:// localhost:9091 / sockjs-node / info?t = 1449187563637.当凭证标志为真时,不能在Access-Control-Allow-Origin标头中使用通配符*。因此,不允许原始'http:// localhost:3010'访问。
但是如下图所示,没有 Access-Control-Allow -Credentials
。
But as you can see in the following image, there is no Access-Control-Allow-Credentials
header.
WTF? Chrome错误?
WTF? Chrome bug?
我的网页载入 http:// localhost:3010
,该伺服器也使用 Access-Control-Allow-Origin:*
没有问题。如果两个端点都使用它,是否有问题?
My page is loaded at http://localhost:3010
and that server also uses Access-Control-Allow-Origin: *
without problems. Is there a problem if the two endpoints both use it?
推荐答案
凭证标志是指 XMLHttpRequest.withCredentials
,而不是 Access-Control-Allow-Credentials
标头。
"credentials flag" refers to XMLHttpRequest.withCredentials
of the request being made, not to an Access-Control-Allow-Credentials
header. That was the source of my confusion.
如果请求的 withCredentials
为 true $ c $即使没有
Access-Control-Allow-Credentials
Access-Control-Allow-Origin:*
/ code>头。
If the request's withCredentials
is true
, Access-Control-Allow-Origin: *
can't be used, even if there is no Access-Control-Allow-Credentials
header.
这篇关于Access-Control-Allow-Origin:“*”在凭据标志为真时不允许,但没有Access-Control-Allow-Credentials头的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!