Google Chrome:当凭证标志为真时,不能在“Access-C
时间:2023-10-13问题描述
我知道这很常见,对于早期版本的 chrome,我曾经设置C:Program Files (x86)GoogleChromeApplicationchrome.exe" --args --disable-web-security--user-data-dir 在 chrome 快捷方式选项卡中避免访问控制允许来源"错误.使用最新版本,此修复似乎不再有效.安装最新版本 53.0.2785.89 m 后控制台报错
XMLHttpRequest 无法加载 https://example.org:15003/apps/services/preview/rr/common/1.0/default/index.html.对预检请求的响应未通过访问控制检查:当凭证标志为真时,不能在Access-Control-Allow-Origin"标头中使用通配符*".因此,不允许访问 Origin 'http://ibm-pb7en65:10080'.XMLHttpRequest 的凭据模式由 withCredentials 属性控制.
我不确定要添加哪些附加属性以避免Access-Control-Allow-Origin"错误.有什么方法可以实现吗?
错误告诉你服务器发回了这个响应头:
<上一页>访问控制允许来源:*...在凭据请求上.那是行不通的.对于带有凭据的请求,服务器必须返回 specific Access-Control-Allow-Origin 标头.
由于您是从 http://ibm-pb7en65:10080/ 发出请求,因此您的服务器必须发回此标头:
不能使用通配符*代替.
解决办法是:
- 更新服务器以执行此操作,或
- 从请求中删除凭据
详细信息,一如既往,在规范中.
I know this is something usual, With the earlier versions of chrome I used to set "C:Program Files (x86)GoogleChromeApplicationchrome.exe" --args --disable-web-security --user-data-dir in chrome shortcut tab to avoid 'Access-Control-Allow-Origin' errors. With the latest version, it seems like this fix is not working anymore. After installing the latest version 53.0.2785.89 m this is the error in console
XMLHttpRequest cannot load https://example.org:15003/apps/services/preview/rr/common/1.0/default/index.html. Response to preflight request doesn't pass access control check: A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true. Origin 'http://ibm-pb7en65:10080' is therefore not allowed access. The credentials mode of an XMLHttpRequest is controlled by the withCredentials attribute.
I am not sure which additional attributes are to be added to avoid 'Access-Control-Allow-Origin' error.Is there any way this can be achieved?
The error is telling you that the server sent back this response header:
Access-Control-Allow-Origin: *
...on a credentialed request. That doesn't work. On a request with credentials, the server must return a specific Access-Control-Allow-Origin header.
Since you're making the request from http://ibm-pb7en65:10080/, your server must send back this header:
Access-Control-Allow-Origin: http://ibm-pb7en65:10080
It cannot use the wildcard * instead.
The solution is either:
- Update the server to do that, or
- Remove credentials from the request
Details, as always, in the specification.
这篇关于Google Chrome:当凭证标志为真时,不能在“Access-Control-Allow-Origin"标头中使用通配符“*"的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持html5模板网!
相关文章
即使在调用 abort (jQuery) 之后,浏览器也会等待Browser waits for ajax call to complete even after abort has been called (jQuery)(即使在调用 abort (jQuery) 之后,浏览器也会等待 ajax 调用- JavaScript innerHTML 不适用于 IE?JavaScript innerHTML is not working for IE?(JavaScript innerHTML 不适用于 IE?)
- XMLHttpRequest 无法加载,请求的资源上不存在“AXMLHttpRequest cannot load, No #39;Access-Control-Allow-Origin#39; header is present on the requested resource(XMLHttpRequest 无法加载,请求的资
- XHR HEAD 请求是否有可能不遵循重定向 (301 302)Is it possible for XHR HEAD requests to not follow redirects (301 302)(XHR HEAD 请求是否有可能不遵循重定向 (301 302))
- XMLHttpRequest 206 部分内容XMLHttpRequest 206 Partial Content(XMLHttpRequest 206 部分内容)
- XMLHttpRequest 的 getResponseHeader() 的限制?Restrictions of XMLHttpRequest#39;s getResponseHeader()?(XMLHttpRequest 的 getResponseHeader() 的限制?)