说起跨域请求,大家首先想到的就会是设置请求头Access-Control-Allow-Origin: *。但是有时候只设置这么一样还是解决不了的跨域问题就要分的比较细的设置请求头了:
access-control-allow-headers: Authorization, Content-Type, Depth, User-Agent, X-File-Size, X-Requested-With, X-Requested-By, If-Modified-Since, X-File-Name, X-File-Type, Cache-Control, Origin
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE
access-control-allow-origin: *
access-control-expose-headers: Authorization
access-control-expose-headers: Authorization是指允许在请求头里存放token,后端通过请求头来获取前端传来的token。
如下图: