当 URL 已经在标头中时,为什么会出现此错误Access-Control-Allow-Origin!?
XMLHttpRequest cannot load http://cdn.localhost/data/voucher/16_ead32751b66fd6c7856b7db0e186574df37a7d08.pdf. Origin http://secure.localhost is not allowed by Access-Control-Allow-Origin.
Refused to get unsafe header "Accept-Ranges"
Header add Access-Control-Allow-Origin "http://secure.localhost"
也尝试从这篇文章发送以下标题:
// Specify domains from which requests are allowed
header('Access-Control-Allow-Origin: *');
// Specify which request methods are allowed
header('Access-Control-Allow-Methods: GET, POST, OPTIONS');
// Additional headers which may be sent along with the CORS request
// The X-Requested-With header allows jQuery requests to go through
header('Access-Control-Allow-Headers: X-Requested-With');
// Set the age to 1 day to improve speed/caching.
header('Access-Control-Max-Age: 86400');
Access-Control-Allow-Origin 的规范讨论了以空格分隔的 URL 语法。也许第二次出现的标头会覆盖客户端中的第一次——在单个标头中尝试多值版本。