2

我有一个主域和一个子域(已安装 Mautic),不幸的是,如果在子域中设置了 mautic,我会遇到跨域 HTTP 请求问题。当我加载 example.com 时,我在 Safari 控制台中收到以下错误:

Failed to load resource: Origin https://example.com is not allowed by Access-Control-Allow-Origin. XMLHttpRequest cannot load https://subdomain.example.com/mtc.
Origin https://example.com is not allowed by Access-Control-Allow-Origin.

出于安全原因,这很有意义。

因此,我将标头集添加Access-Control-Allow-Origin: https://example.comhttps://subdomain.example.com /etc/httpd/conf/httpd.conf文件。感谢MDN 上关于 CORS 的这篇文章。但是,现在我收到以下错误:

Failed to load resource: Credentials flag is true, but Access-Control-Allow-Credentials is not "true".
MLHttpRequest cannot load https://subdomain.example.com/mtc. Credentials flag is true, but Access-Control-Allow-Credentials is not "true".

然后,我添加header set Access-Control-Allow-Credentials: true/etc/httpd/conf/httpd.conf文件中。但我仍然得到一个错误:

Failed to load resource: Request header field X-Requested-With is not allowed by Access-Control-Allow-Headers.
XMLHttpRequest cannot load https://subdomain.example.com/mtc. Request header field X-Requested-With is not allowed by Access-Control-Allow-Headers

而且,这就是我卡住的地方,有人可以帮助我吗?提前致谢。

4

1 回答 1

1

我找到了解决这个问题的方法。您需要做的是设置Origin、Headers 和 Credentials。我错过了我没有在我的httpd.conf. 这是完整的配置:

Header set Access-Control-Allow-Origin: https://example.com
Header set Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept"
Header set Access-Control-Allow-Credentials true
于 2016-10-22T15:07:25.290 回答