原因是
'corsFilter' => [
'class' => \yii\filters\Cors::className(),
'cors' => [
// restrict access to domains:
'Origin' => static::allowedDomains(),
'Access-Control-Request-Headers' => ['*'],
'Access-Control-Request-Method' => ['GET','POST','OPTIONS','PUT','DELETE'],
'Access-Control-Allow-Credentials' => false,
'Access-Control-Max-Age' => 3600, // Cache (seconds)
],
],
Access-Control-Request-Method 这个请求头如果使用通配符(*),是不会兼容所有浏览器的。需要明确指定。