尽管OPTIONS为允许标题返回了*,但我得到了以下CORS响应。
CORS策略已阻止从源
'https://example1.com'在'https://example2.net'处对XMLHttpRequest的访问:在飞行前响应中,Access-Control-Allow-Headers不允许请求标头字段x-requested-with。< / p>
OPTION请求看起来像这样:
Request Method: OPTIONS
Status Code: 204
请求标头:
Access-Control-Request-Headers: x-requested-with
Access-Control-Request-Method: POST
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36
响应头:
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: GET,POST
access-control-max-age: 86400
content-length: 0
content-type: text/plain charset=UTF-8
date: Wed, 12 Jun 2019 05:03:06 GMT
status: 204
答案 0 :(得分:1)
我在Firefox和IE中也遇到了同样的问题,但在chrome中却没有。代替设置access-control-allow-headers:*添加逗号分隔的允许的标题列表,例如 Authorization,Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method ,Access-Control-Request-Headers 通过过滤器对我有用