我正在开发 SPA MEAN 应用程序,我正在针对 Apiary 模拟 API 开发它,该 API 设置了以下 CORS 标头:
Access-Control-Allow-Methods → OPTIONS,GET,HEAD,POST,PUT,DELETE,TRACE,CONNECT
Access-Control-Allow-Origin → *
Access-Control-Max-Age → 10
一切正常,angular 可以使用 $http angular 服务来访问它。但是,在添加 Stormpath Angular SDK 后,所有这些请求都失败并出现以下错误:
XMLHttpRequest cannot load https://xxx.apiary-mock.com/workshops?type=favourite. Credentials flag is 'true', but the 'Access-Control-Allow-Credentials' header is ''. It must be 'true' to allow credentials. Origin 'http://localhost:8000' is therefore not allowed access.
我试图弄清楚为什么这些请求被拒绝以及在什么时候添加这些标头?