access-control-allow-headers:*被忽略

时间:2019-06-12 07:04:45

标签: cors request-headers response-headers http-options-method

尽管OPTIONS为允许标题返回了*,但我得到了以下CORS响应。

  

CORS策略已阻止从源'https://example1.com''https://example2.net'处对XMLHttpRequest的访问:在飞行前响应中,Access-Control-Allow-Headers不允许请求标头字段x-requested-with。< / p>

OPTION请求看起来像这样:

Request Method: OPTIONS
Status Code: 204

请求标头:

Access-Control-Request-Headers: x-requested-with
Access-Control-Request-Method: POST
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36

响应头:

access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: GET,POST
access-control-max-age: 86400
content-length: 0
content-type: text/plain charset=UTF-8
date: Wed, 12 Jun 2019 05:03:06 GMT
status: 204

1 个答案:

答案 0 :(得分:1)

我在Firefox和IE中也遇到了同样的问题,但在chrome中却没有。代替设置access-control-allow-headers:*添加逗号分隔的允许的标题列表,例如 Authorization,Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method ,Access-Control-Request-Headers 通过过滤器对我有用

相关问题
最新问题