尝试在我的页面上设置Access-Control-Allow-Credentials以允许CORS时,我的行为很陌生。
总而言之:如果服务器本身发送了相同的标头,则似乎只考虑了我随PHP发送的“ Allow-Credentials”标头 。变为“ true,true”,这不是可接受的值...
我正在使用Laravel,并且具有一个将相关标头添加到相关页面的中间件:
header('Access-Control-Allow-Origin: mysite.test'));
header('Access-Control-Allow-Headers: Content-Type, X-Auth-Token, X-CSRF-Token, X-Requested-With, Authorization, Origin');
header('Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE');
header('Access-Control-Allow-Credentials: true');
当我的页面尝试发送Ajax请求时,浏览器控制台将输出以下内容:
(...) The value of the 'Access-Control-Allow-Credentials' header in the response is '' which must be 'true' when the request's credentials mode is 'include'.
尝试了一些调试之后,我将标题添加到了nginx conf本身:
add_header Access-Control-Allow-Credentials "true";
那是我感到非常无助的地方..现在浏览器的输出是:
(...) The value of the 'Access-Control-Allow-Credentials' header in the response is 'true, true' which must be 'true' when the request's credentials mode is 'include'.
相同的代码在另一台具有相同.conf文件的nginx服务器上也能很好地工作。我知道在哪里可以弄清楚所有这些吗?