问题
I know this is something usual, With the earlier versions of chrome I used to set "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --args --disable-web-security --user-data-dir in chrome shortcut tab to avoid 'Access-Control-Allow-Origin' errors. With the latest version, it seems like this fix is not working anymore. After installing the latest version 53.0.2785.89 m this is the error in console
XMLHttpRequest cannot load https://example.org:15003/apps/services/preview/rr/common/1.0/default/index.html. Response to preflight request doesn't pass access control check: A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true. Origin 'http://ibm-pb7en65:10080' is therefore not allowed access. The credentials mode of an XMLHttpRequest is controlled by the withCredentials attribute.
I am not sure which additional attributes are to be added to avoid 'Access-Control-Allow-Origin' error.Is there any way this can be achieved?
回答1:
The error is telling you that the server sent back this response header:
Access-Control-Allow-Origin: *
...on a credentialed request. That doesn't work. On a request with credentials, the server must return a specific Access-Control-Allow-Origin header.
Since you're making the request from http://ibm-pb7en65:10080/, your server must send back this header:
Access-Control-Allow-Origin: http://ibm-pb7en65:10080
It cannot use the wildcard * instead.
The solution is either:
- Update the server to do that, or
- Remove credentials from the request
Details, as always, in the specification.
来源:https://stackoverflow.com/questions/39286997/google-chrome-a-wildcard-cannot-be-used-in-the-access-control-allow-origin