For axios to send cross-domain requests with cookies, the server's Access-Control-Allow-Origin must be set to a specific domain name; otherwise the request cannot read the returned data

1. Cross-domain access is implemented by allowing cross-domain requests, but in order for each request to carry the session information, I set withCredentials, namely:
  axios.defaults.withCredentials = true
  A problem then arises on cross-domain requests:
  Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. Origin 'http://localhost:8080' is therefore not allowed access. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
  Solutions:
    The Access-Control-Allow-Origin field must specify the domain name; it cannot be *
    Set Access-Control-Allow-Credentials to true

2. CORS
  The same-origin security policy and CORS (Cross-Origin Resource Sharing)
  CORS requires the requested server to add the Access-Control-Allow-Origin header to its response (Response Header), thereby allowing the domain named in that header to access the server's resources and call its interfaces.
  Drawback:

    By default, cross-origin requests do not send credentials (cookies, HTTP authentication, SSL client certificates, etc.). Setting the withCredentials property to true specifies that a request should send credentials. If the server accepts requests with credentials, it responds with the following HTTP header:

    Access-Control-Allow-Credentials: true


  If you send a request with credentials but the server's response does not include this header, the browser will not hand the response to JavaScript, and the request cannot obtain the result data (the browser did receive the response, but our request code does not, because the browser intercepts it). Therefore, to pass cookies, the server's Access-Control-Allow-Origin must be configured with a specific domain name. The following headers also need to be set:

header('Access-Control-Allow-Origin:http://www.xxx.com');
header('Access-Control-Allow-Credentials: true');   // whether cross-domain cookies are supported
header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS');
header("Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept");
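
When more than one front-end origin needs credentialed access, the single Access-Control-Allow-Origin value has to be chosen per request. The following is an added example, not code from the original post: it picks the value from an allowlist and models the browser check that rejects the wildcard. ALLOWED_ORIGINS, corsHeaders and browserExposesResponse are names assumed for illustration.

```javascript
// Added example: allowlist-based CORS headers for credentialed requests.
// ALLOWED_ORIGINS and both function names are assumptions for illustration.
const ALLOWED_ORIGINS = new Set(['http://localhost:8080', 'http://www.xxx.com']);

// Server side: build the CORS response headers for one request.
function corsHeaders(requestOrigin, method) {
  const headers = { Vary: 'Origin' }; // caches must key the response on Origin
  // Unknown or missing Origin: send no CORS headers, so the browser blocks the read.
  if (!requestOrigin || !ALLOWED_ORIGINS.has(requestOrigin)) return headers;
  // Return the one matching origin from the allowlist, never '*' and never
  // a blind echo of whatever Origin value the client sent.
  headers['Access-Control-Allow-Origin'] = requestOrigin;
  headers['Access-Control-Allow-Credentials'] = 'true';
  if (method === 'OPTIONS') { // preflight request
    headers['Access-Control-Allow-Methods'] = 'GET, POST, PUT, DELETE, OPTIONS';
    headers['Access-Control-Allow-Headers'] =
      'Origin, X-Requested-With, Content-Type, Accept';
  }
  return headers;
}

// Browser side (simplified model of the check quoted in the error message):
// may a script on pageOrigin read the response to a withCredentials request?
function browserExposesResponse(pageOrigin, headers) {
  const allowOrigin = headers['Access-Control-Allow-Origin'];
  if (allowOrigin === undefined) return false; // header missing
  if (allowOrigin === '*') return false;       // wildcard rejected with credentials
  if (allowOrigin !== pageOrigin) return false; // some other origin was named
  return headers['Access-Control-Allow-Credentials'] === 'true';
}

// Constructed sample requests.
const page = 'http://localhost:8080';
console.log(browserExposesResponse(page, corsHeaders(page, 'GET')));
console.log(browserExposesResponse(page, { 'Access-Control-Allow-Origin': '*',
  'Access-Control-Allow-Credentials': 'true' }));
```
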


Origin www.cnblogs.com/TreeSky/p/11871615.html