欢送拜访moshuying.top查看更多信息
具体错误信息 Access to XMLHttpRequest at 'http://localhost:7894/Login' from origin 'http://localhost:8080' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
前端 vue-antd-admin
后端 java servlet
<!-- more -->
前后端拆散的我的项目中必定会碰到跨域的问题,跨域的起因还是为了平安。最近在做一个我的项目的时候发现,即便我曾经设置了跨域信息,前端还是报这个跨域谬误。
起初找了有教训的后盾来帮忙也是弄了很久都没有解决问题,起初我缓缓看申请头和认真寻找前后端的代码终于发现了端倪。
我我的项目中失败的申请头
参考自MDN中失败的一个申请头
能够发现多了Authorization和Accept两个申请头,这两个申请头来自前端我的项目中的src/utils/request.js对申请经行了简略的平安设置,使得申请中携带了平安信息,查看源代码发现代码中设置了
axios.defaults.withCredentials= true示意客户端想要携带验证信息,这部分性能须要后盾反对,而后盾supportsCredentials个别被设置为false即不反对客户端携带验证信息
对后盾代码进行批改
protected void doFilter(HttpServletRequest req, HttpServletResponse res, FilterChain chain) throws IOException, ServletException { res.addHeader("Access-Control-Allow-Origin", req.getHeader("Origin")); res.addHeader("Access-Control-Allow-Methods", "*"); res.addHeader("Access-Control-Allow-Headers", "Accept,Authorization,DNT,Content-Type,Referer,User-Agent"); res.addHeader("Access-Control-Allow-Credentials","true"); // 容许携带验证信息 chain.doFilter(req, res);}问题解决
参考链接
mozilla的HTTP访问控制
介绍了跨域中其余的头信息