关于Axios.create 和 CORS 跨域配置问题?
发现一个奇怪的问题,我已经在服务端配置了允许跨域:
header('Content-Type:text/html;charset=utf-8');
header("Access-Control-Allow-Origin:*");
header("Access-Control-Allow-Methods:GET, POST, OPTIONS, DELETE");
header("Access-Control-Allow-Headers:DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type, Accept-Language, Origin, Accept-Encoding");这样就正常:
import axios from 'axios';
axios.post('https://example.com/v1/login', {
name: 'myuser',
password: 'mypassword',
});这样就不行
import axios from 'axios';
export const apiBase = axios.create({
baseURL: "https://example.com/v1/",
withCredentials: true,
headers: {
'Content-Type': 'application/json;charset=UTF-8',
},
});
apiBase.post('login', {
name: 'myuser',
password: 'mypassword',
});控制台报错
Access to XMLHttpRequest at 'https://example.com/v1/login'
from origin 'http://example.com' has been blocked by CORS policy:
Response to preflight request doesn't pass access control check: The
value of the 'Access-Control-Allow-Origin' header in the response must
not be the wildcard '*' when the request's credentials mode is
'include'. The credentials mode of requests initiated by the
XMLHttpRequest is controlled by the withCredentials attribute.如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
withCredentials为true时,不允许设置Access-Control-Allow-Origin:*需要指定
originhttps://developer.mozilla.org...
https://ben-lau.github.io/%E8...