問題描述
我知道這很常見,對于早期版本的 chrome,我曾經設置C:Program Files (x86)GoogleChromeApplicationchrome.exe" --args --disable-web-security--user-data-dir 在 chrome 快捷方式選項卡中避免訪問控制允許來源"錯誤.使用最新版本,此修復似乎不再有效.安裝最新版本 53.0.2785.89 m 后控制臺報錯
XMLHttpRequest 無法加載 https://example.org:15003/apps/services/preview/rr/common/1.0/default/index.html.對預檢請求的響應未通過訪問控制檢查:當憑證標志為真時,不能在Access-Control-Allow-Origin"標頭中使用通配符*".因此,不允許訪問 Origin 'http://ibm-pb7en65:10080'.XMLHttpRequest 的憑據模式由 withCredentials 屬性控制.
我不確定要添加哪些附加屬性以避免Access-Control-Allow-Origin"錯誤.有什么方法可以實現嗎?
錯誤告訴你服務器發回了這個響應頭:
<上一頁>訪問控制允許來源:*...在憑據請求上.那是行不通的.對于帶有憑據的請求,服務器必須返回 specific Access-Control-Allow-Origin 標頭.
由于您是從 http://ibm-pb7en65:10080/ 發出請求,因此您的服務器必須發回此標頭:
不能使用通配符*代替.
解決辦法是:
- 更新服務器以執行此操作,或
- 從請求中刪除憑據
詳細信息,一如既往,在規范中.
I know this is something usual, With the earlier versions of chrome I used to set "C:Program Files (x86)GoogleChromeApplicationchrome.exe" --args --disable-web-security --user-data-dir in chrome shortcut tab to avoid 'Access-Control-Allow-Origin' errors. With the latest version, it seems like this fix is not working anymore. After installing the latest version 53.0.2785.89 m this is the error in console
XMLHttpRequest cannot load https://example.org:15003/apps/services/preview/rr/common/1.0/default/index.html. Response to preflight request doesn't pass access control check: A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true. Origin 'http://ibm-pb7en65:10080' is therefore not allowed access. The credentials mode of an XMLHttpRequest is controlled by the withCredentials attribute.
I am not sure which additional attributes are to be added to avoid 'Access-Control-Allow-Origin' error.Is there any way this can be achieved?
The error is telling you that the server sent back this response header:
Access-Control-Allow-Origin: *
...on a credentialed request. That doesn't work. On a request with credentials, the server must return a specific Access-Control-Allow-Origin header.
Since you're making the request from http://ibm-pb7en65:10080/, your server must send back this header:
Access-Control-Allow-Origin: http://ibm-pb7en65:10080
It cannot use the wildcard * instead.
The solution is either:
- Update the server to do that, or
- Remove credentials from the request
Details, as always, in the specification.
這篇關于Google Chrome:當憑證標志為真時,不能在“Access-Control-Allow-Origin"標頭中使用通配符“*"的文章就介紹到這了,希望我們推薦的答案對大家有所幫助,也希望大家多多支持html5模板網!