JS发起请求:fetch(url, { method: 'POST', body: 'p1=v1&p2=v2', headers: { 'Content-Type': 'application/x-www-form-urlencoded' }, credentials: 'same-origin', mode: 'cors' })credentials
omit: 默认值,忽略cookie的发送
same-origin: 表示cookie只能同域发送,不能跨域发送
include: cookie既可以同域发送,也可以跨域发送
设置include后, 服务端 response header 中 Access-Control-Allow-Origin 必须设置为request的Origin。否则报错:The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. Origin 'null' is therefore not allowed access.springMVCV.4.3+ 直接使用注解 @CrossOrigin
参考: http://www.cnblogs.com/cielosun/p/6741307.html
V.4.3- 设置response的header
response.addHeader("Access-Control-Allow-Origin","*"); response.addHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE");response.addHeader("Access-Control-Allow-Headers", "Content-Type");response.addHeader("Access-Control-Max-Age", "1800");//30 min