我有一个主域和一个子域( Mautic已安装),遗憾的是,如果在子域内设置了mautic,我会遇到跨域HTTP请求问题。当我加载example.com时,我在Safari控制台中收到以下错误:
Failed to load resource: Origin https://example.com is not allowed by Access-Control-Allow-Origin. XMLHttpRequest cannot load https://subdomain.example.com/mtc.
Origin https://example.com is not allowed by Access-Control-Allow-Origin.
这对安全原因有意义。
因此,我将标头集Access-Control-Allow-Origin: https://example.com添加到https://subdomain.example.com /etc/httpd/conf/httpd.conf文件中。感谢这篇关于CORS on MDN的文章。但是,现在我收到以下错误:
Failed to load resource: Credentials flag is true, but Access-Control-Allow-Credentials is not "true".
MLHttpRequest cannot load https://subdomain.example.com/mtc. Credentials flag is true, but Access-Control-Allow-Credentials is not "true".
然后,我将header set Access-Control-Allow-Credentials: true添加到/etc/httpd/conf/httpd.conf文件中。但我仍然得到一个错误:
Failed to load resource: Request header field X-Requested-With is not allowed by Access-Control-Allow-Headers.
XMLHttpRequest cannot load https://subdomain.example.com/mtc. Request header field X-Requested-With is not allowed by Access-Control-Allow-Headers
而且,这就是我被困住的地方,有人能帮帮我吗?提前致谢。
答案 0 :(得分:0)
我找到了解决这个问题的方法。您需要做的是设置 Origin,Headers和Credentials 。我想念我在httpd.conf中未指定的“标题”部分。这是完整的配置:
Header set Access-Control-Allow-Origin: https://example.com
Header set Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept"
Header set Access-Control-Allow-Credentials: true