access-control-allow-headers: * is being ignored [duplicate]

血红的双手。 提交于 2020-02-05 06:54:06

问题


Although the OPTIONS returns * for Allow-Headers I'm getting the following CORS response.

Access to XMLHttpRequest at 'https://example1.com' from origin 'https://example2.net' has been blocked by CORS policy: Request header field x-requested-with is not allowed by Access-Control-Allow-Headers in preflight response.

While the OPTION request looks like this:

Request Method: OPTIONS
Status Code: 204 

Request headers:

Access-Control-Request-Headers: x-requested-with
Access-Control-Request-Method: POST
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36

Response headers:

access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: GET,POST
access-control-max-age: 86400
content-length: 0
content-type: text/plain charset=UTF-8
date: Wed, 12 Jun 2019 05:03:06 GMT
status: 204

回答1:


I was facing the same issue with Firefox and IE but not in chrome. Instead of setting the access-control-allow-headers: * add a comma separated list of the headers allowed like this Authorization,Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers it worked for me through a filter



来源:https://stackoverflow.com/questions/56556415/access-control-allow-headers-is-being-ignored

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!