【发布时间】:2019-10-26 15:02:04
【问题描述】:
虽然 OPTIONS 为 Allow-Headers 返回 *,但我收到了以下 CORS 响应。
CORS 策略已阻止从源
'https://example2.net'访问位于'https://example1.com'的 XMLHttpRequest:在预检响应中 Access-Control-Allow-Headers 不允许请求标头字段 x-requested-with。
虽然 OPTION 请求看起来像这样:
Request Method: OPTIONS
Status Code: 204
请求标头:
Access-Control-Request-Headers: x-requested-with
Access-Control-Request-Method: POST
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36
响应标头:
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: GET,POST
access-control-max-age: 86400
content-length: 0
content-type: text/plain charset=UTF-8
date: Wed, 12 Jun 2019 05:03:06 GMT
status: 204
【问题讨论】:
-
@sideshowbarker - 这个答案来自 2013 年,当前浏览器应该已经支持通配符。
标签: cors request-headers response-headers http-options-method