我在后端已经添加了header("Access-Control-Allow-Origin:*");
,但是为什么前端使用js请求时还是出现
<code>Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://nichijou.org/x. (Reason: CORS header 'Access-Control-Allow-Origin' missing). Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://nichijou.org/x. (Reason: CORS request failed).</code>
我在后端已经添加了header("Access-Control-Allow-Origin:*");
,但是为什么前端使用js请求时还是出现
<code>Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://nichijou.org/x. (Reason: CORS header 'Access-Control-Allow-Origin' missing). Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://nichijou.org/x. (Reason: CORS request failed).</code>
很多浏览器都已经不支持使用 *
来设置 Access-Control-Allow-Origin
了,正常的做法是 header("Access-Control-Allow-Origin:".$_SERVER['HTTP_HOST']);
如果需要传递 COOKIE 的话还需要搭配 Access-Control-Allow-Credentials: true
这个头使用。具体可以看文档:https://developer.mozilla.org/en-US/docs/Web/HTTP/Server-Side_Access_Control
什么浏览器啊,版本号都列出来