1

尽管 OPTIONS*为 Allow-Headers 返回,但我收到了以下 CORS 响应。

'https://example1.com'CORS 策略已阻止从源访问 XMLHttpRequest 'https://example2.net':在预检响应中 Access-Control-Allow-Headers 不允许请求标头字段 x-requested-with。

虽然 OPTION 请求如下所示:

Request Method: OPTIONS
Status Code: 204

请求标头:

Access-Control-Request-Headers: x-requested-with
Access-Control-Request-Method: POST
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36

响应标头:

access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: GET,POST
access-control-max-age: 86400
content-length: 0
content-type: text/plain charset=UTF-8
date: Wed, 12 Jun 2019 05:03:06 GMT
status: 204
4

1 回答 1

1

我在使用 Firefox 和 IE 时遇到了同样的问题,但在 chrome 中却没有。而不是设置访问控制允许标头:*添加一个逗号分隔的标头列表,例如Authorization,Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access- Control-Request-Headers它通过过滤器为我工作

于 2019-06-12T07:15:23.727 回答