PHP标头“ Access-Control-Allow-Credentials”不起作用(nginx)

时间:2019-02-20 09:40:03

标签: php nginx header

尝试在我的页面上设置Access-Control-Allow-Credentials以允许CORS时,我的行为很陌生。

总而言之:如果服务器本身发送了相同的标头,则似乎只考虑了我随PHP发送的“ Allow-Credentials”标头 。变为“ true,true”,这不是可接受的值...

我正在使用Laravel,并且具有一个将相关标头添加到相关页面的中间件:

header('Access-Control-Allow-Origin: mysite.test'));
header('Access-Control-Allow-Headers: Content-Type, X-Auth-Token, X-CSRF-Token, X-Requested-With, Authorization, Origin');
header('Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE');
header('Access-Control-Allow-Credentials: true');

当我的页面尝试发送Ajax请求时,浏览器控制台将输出以下内容:

(...) The value of the 'Access-Control-Allow-Credentials' header in the response is '' which must be 'true' when the request's credentials mode is 'include'.

尝试了一些调试之后,我将标题添加到了nginx conf本身:

add_header Access-Control-Allow-Credentials "true";

那是我感到非常无助的地方..现在浏览器的输出是:

(...) The value of the 'Access-Control-Allow-Credentials' header in the response is 'true, true' which must be 'true' when the request's credentials mode is 'include'.

相同的代码在另一台具有相同.conf文件的nginx服务器上也能很好地工作。我知道在哪里可以弄清楚所有这些吗?

0 个答案:

没有答案