对公司标注系统做axios封装时,出现了一个错误,报错像是跨域:
Access to XMLHttpRequest at '...' from origin '...' has been blocked by CORS policy:
The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*'
when the request's credentials mode is 'include'.
The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
但是之前未封装的时候,每个axios请求都是可以的,后端也有设置cors。
看了别人的贴子说是withCredentials:true的问题,果然注释掉后正常使用了。
网友是这么说的:
withCredentials的情况下,后端要设置Access-Control-Allow-Origin为你的源地址,例如
http://localhost:8080,不能是*,而且还要设置header(‘Access-Control-Allow-Credentials: true’);
说白了就是后端没允许cookie过去……
另外,Access-Control-Allow-Origin设置为*时cookie不会出现在http的请求头里,所以报错里说Access-Control-Allow-Origin不能是*也是有道理的。
网友评论