Home > Article > Web Front-end > How to solve the problem of Ajax cross-domain access, session cannot be saved, etc.
Add configuration in ajax request
$.ajax({ url:url, //加上 xhrFields及crossDomain xhrFields: { //允许带上凭据 withCredentials: true }, crossDomain: true, //以上 success:function(result){ alert("test"); }, error:function(){ } });
withCredentials:
By default, cross-origin requests do not provide credentials (cookies, HTTP authentication, client SSL certification, etc.). You can specify that a certain request should send credentials by setting the withCredentials property to true. If the server receives a request with credentials, it will respond with the following HTTP headers."Access-Control-Allow-Credentials: true"
If a request with credentials is sent, but the server's response does not include the above header, Then the browser will not hand over the response to JavaScript (so the responseText will be an empty string, the status value will be 0, and the onerror() event handler will be called). In addition, the server can also send this HTTP header in the Preflight response to indicate that the origin is allowed to send requests with credentials.
Browsers that support the withCredentials attribute include Firefox 3.5+, Safari 4+ and Chrome. IE10 and earlier versions are not supported.
At the same time
After adding the basic allow cross-domain response header
You need to add Access-Allow-Credentials:true
In addition, due to Google’s security policy
When withCredentials is true
Access-Allow-Origin in ResponseHeader cannot use wildcard '*'
Otherwise, it will prompt
##Other browsing Server to be tested According to the browser’s protection rules,A wildcard '*' cannot be us
ed in the 'Access-Control-Allow-Origin' header when the credentials flag is true. Origin 'http://url' is therefore not allowed access.
$.ajax({ url:url, //加上 xhrFields及crossDomain xhrFields: { //允许带上凭据 withCredentials: true }, crossDomain: true, //以上 success:function(result){ alert("test"); }, error:function(){ } });About withCredentials
NoteAfter adding the basic allow cross-domain response headerwithCredentials: By default, cross-origin requests do not provide credentials (cookies, HTTP authentication, client SSL certification, etc.). You can specify that a certain request should send credentials by setting the withCredentials property to true. If the server receives a request with credentials, it will respond with the following HTTP headers.
"Access-Control-Allow-Credentials: true"
If a request with credentials is sent, but the server's response does not include the above header, Then the browser will not hand over the response to JavaScript (so the responseText will be an empty string, the status value will be 0, and the onerror() event handler will be called). In addition, the server can also send this HTTP header in the Preflight response to indicate that the origin is allowed to send requests with credentials. Browsers that support the withCredentials attribute include Firefox 3.5+, Safari 4+ and Chrome. IE10 and earlier versions are not supported.At the same time
You need to add Access-Allow-Credentials:true
In addition, due to Google’s security policy
When withCredentials is true
Access-Allow-Origin in ResponseHeader cannot use wildcard '*'
Otherwise, it will prompt
A wildcard '*' cannot be used in the 'Access -Control-Allow-Origin' header when the credentials flag is true. Origin 'http://url' is therefore not allowed access.Other browsers to be tested
The above is the detailed content of How to solve the problem of Ajax cross-domain access, session cannot be saved, etc.. For more information, please follow other related articles on the PHP Chinese website!