The value of the ‘Access-Control-Allow-Origin’ header in the response must not be the wildcard ‘*’ when the request’s credentials mode is ‘include’.
No ‘Access-Control-Allow-Origin’ header is present on the requested resource. If an opaque response serves your needs, set the request’s mode to ‘no-cors’ to fetch the resource with CORS disabled.
problem
nginx添加cors header
add_header Access-Control-Allow-Origin '*';
# 报错:
# The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'.
如果有多个location,每个里面都配置一遍 Access-Control-Allow-Origin 则会报错
# 报错:
# No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
reason
- 配置域名需要具体
- 不要在每个location里面配置一遍cors
solution
# 完整配置
server {
listen 7006;
# 1. 不能匹配为 '*' 需要具体到某个地址
# 2. 配置不能写在location里面
add_header Access-Control-Allow-Origin http://localhost:8000;
add_header Access-Control-Allow-Credentials true;
# http://localhost:7006/test/a.js
# dist目录下的子文件也可以访问到
location /test1 {
alias /Users/project/dist1/;
}
location /test2 {
alias /Users/project/dist2/;
}
}