我收到错误:“凭据标志为true时,不能在'Access-Control-Allow-Origin'标头中使用通配符。”尝试从javascript socket.io网页访问c#httplistener程序时。
我不明白的是我有以下代码设置访问控制允许凭据为FALSE:
// Note: The GetContext method blocks while waiting for a request.
HttpListenerContext context = listener.GetContext();
UpdateListbox(PluginCore.listMain, "HTTP Client connected", true);
HttpListenerRequest request = context.Request;
// Obtain a response object.
HttpListenerResponse response = context.Response;
response.AddHeader("Access-Control-Allow-Credentials", "false");
response.AddHeader("Access-Control-Allow-Origin", "*");
response.AddHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS");
// Construct a response.
string responseString = "Hello world!";
byte[] buffer = System.Text.Encoding.UTF8.GetBytes(responseString);
// Get a response stream and write the response to it.
response.ContentLength64 = buffer.Length;
System.IO.Stream output = response.OutputStream;
output.Write(buffer, 0, buffer.Length);
// You must close the output stream.
output.Close();
对我来说没有意义。谁能指出我做错了什么?
答案 0 :(得分:2)
从JavaScript发送的XmlHttpRequest不应该有withCredentials = true;或者响应不应该发送Access-Control-Allow-Credentials标头,或者它的值应该是true,以便浏览器能够实际上发回响应。这是由于CORS中的安全限制。 https://developer.mozilla.org/en/docs/HTTP/Access_control_CORS#Requests_with_credentials