Sending Cookies with Cross-Origin Ajax Requests

While making cross-domain requests from the front end to a service, I found that the server had been set up to allow cookies and the front-end Ajax request (XHR) also set withCredentials: true, but the cookie was still not carried. I later found out that if you want to carry cookies, Access-Control-Allow-Origin must not be *.

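First case: an ordinary cross-domain request that does not carry cookies

// Allow access from a specified domain
'Access-Control-Allow-Origin:http://172.20.0.666' // typical usage
or
// Allow access from all domains
'Access-Control-Allow-Origin: *' // allow access from all domains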

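Second case: a cross-domain request that carries cookies

// Allow access from a specified domain
'Access-Control-Allow-Origin:http://172.20.0.666'
// Whether subsequent requests may carry credentials (cookies); the value can only be true, otherwise the header is not returned
'Access-Control-Allow-Credentials:true'

The Ajax request must also set withCredentials: true; otherwise cookies will still not be received or sent.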

Access-Control-Allow-Origin:
This HTTP response header specifies which origin is allowed to access the server's resources across domains. The field is required. Its value is either the value of the request's Origin field (a specific domain) or *, which means requests from any domain are accepted.

Access-Control-Allow-Credentials:
This field is optional. Its value is a Boolean that indicates whether cookies may be sent. By default, cookies are not included in CORS requests. Setting it to true means the server explicitly permits cookies to be included in the request and sent to the server. The value can only be set to true; if the server does not want the browser to send cookies, simply omit the field. (To carry cookies, Allow-Origin cannot be *.)

Note that if cookies are to be sent, Access-Control-Allow-Origin cannot be set to an asterisk; it must name an explicit domain that matches the requesting page. Cookies also still follow the same-origin policy: only cookies set for the server's domain are uploaded, cookies for other domains are not, and code in the (cross-origin) page cannot read the server domain's cookies through document.cookie.
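
The rule above, as an added example that is not from the original post: a server-side helper that answers only allowlisted origins with their exact value, and a simplified model of the browser's check for a simple request. The origin https://app.example.com and the names ALLOWED_ORIGINS, corsHeaders and browserAccepts are assumptions made for illustration.

```javascript
// Added example: allowlist-based CORS headers for credentialed requests.
// ALLOWED_ORIGINS and both function names are hypothetical.
const ALLOWED_ORIGINS = new Set(['https://app.example.com']); // constructed sample value

// Server side: build the CORS response headers for a request's Origin header.
function corsHeaders(origin, allowCredentials) {
  const headers = {};
  // Unknown or missing origin: send no CORS headers, so the browser blocks the read.
  if (!origin || !ALLOWED_ORIGINS.has(origin)) return headers;
  // Echo the exact allowlisted origin; '*' cannot be combined with credentials.
  headers['Access-Control-Allow-Origin'] = origin;
  // The response now differs per origin, so caches must key on the Origin header.
  headers['Vary'] = 'Origin';
  if (allowCredentials) headers['Access-Control-Allow-Credentials'] = 'true';
  return headers;
}

// Browser side (simplified model of the check for a simple request):
// returns true if script running at pageOrigin may read the response.
function browserAccepts(pageOrigin, withCredentials, headers) {
  const acao = headers['Access-Control-Allow-Origin'];
  if (acao === undefined) return false;
  // Without credentials, a wildcard or an exact origin match is enough.
  if (!withCredentials) return acao === '*' || acao === pageOrigin;
  // With credentials, the wildcard is rejected and Allow-Credentials must be 'true'.
  return acao === pageOrigin &&
    headers['Access-Control-Allow-Credentials'] === 'true';
}
```
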

The above covers simple requests. There are also complex requests; for those, see the following article:

it's here


Origin blog.csdn.net/zhetmdoubeizhanyong/article/details/99702244