Error:
Access to XMLHttpRequest at ‘…’ from origin ‘…’ has been blocked by CORS policy: The value of the ‘Access-Control-Allow-Origin’ header in the response must not be the wildcard ‘*’ when the request’s credentials mode is ‘include’. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
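A cross-origin error does not usually look like this, though. It is usually something like a missing Access-Control-Allow-Origin header.
I went back through the code and found that I had set withCredentials: true in axios. I saw someone online put it this way: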
With withCredentials, the backend must set Access-Control-Allow-Origin to your origin, for example http://localhost:8080; it cannot be *, and it must also set header('Access-Control-Allow-Credentials: true');
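Put plainly, the backend had not allowed the cookie through...
Also, when Access-Control-Allow-Origin is set to *, the cookie does not appear in the HTTP request headers, so it makes sense that the error says Access-Control-Allow-Origin must not be *.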
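The following is an added example, not code from the original post: a server-side helper that picks the CORS response headers for a credentialed request, plus a simplified model of the browser check that raised the error above. The function names and the `ALLOWED_ORIGINS` allowlist are assumptions made for illustration; the point is that the origin is echoed only after an exact allowlist match, never reflected blindly.

```javascript
// Constructed allowlist: replace with the real front-end origins.
const ALLOWED_ORIGINS = new Set(['http://localhost:8080']);

// Returns the CORS headers to attach to a response for a request that
// carried the given Origin header (hypothetical helper).
function corsHeadersFor(requestOrigin, allowed = ALLOWED_ORIGINS) {
  // Vary on Origin so a shared cache never serves one origin's
  // CORS headers to a different origin.
  const headers = { 'Vary': 'Origin' };
  // Exact string match only. Prefix, suffix or regex matching lets
  // look-alike origins through, and reflecting any Origin together with
  // credentials exposes every logged-in user's data to any site.
  if (typeof requestOrigin !== 'string' || !allowed.has(requestOrigin)) {
    return headers; // no CORS headers: the browser blocks the read
  }
  headers['Access-Control-Allow-Origin'] = requestOrigin; // never "*"
  headers['Access-Control-Allow-Credentials'] = 'true';
  return headers;
}

// Simplified model of the browser-side check for a request sent with
// withCredentials: true (real header lookup is case-insensitive).
function browserAcceptsCredentialedResponse(pageOrigin, responseHeaders) {
  const acao = responseHeaders['Access-Control-Allow-Origin'];
  if (acao === undefined) return false;   // the usual "missing header" error
  if (acao === '*') return false;         // the error quoted in this post
  if (acao !== pageOrigin) return false;  // origin mismatch
  return responseHeaders['Access-Control-Allow-Credentials'] === 'true';
}
```

With a framework, the same decision is normally made once in CORS middleware configured with an explicit origin list and credentials enabled, rather than per route.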
There is one more issue: OPTI