问题

request 请求统一增加请求头参数 Username，有一处访问静态文件也用的request请求，结果报错如下，其他接口不报错，去掉 Username 也不报错

Access to fetch at 'http://a1.xx.com.cn/' from origin 'http://a.xx.com.cn' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: **No 'Access-Control-Allow-Origin' header** is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

解决

1、来源：www.jianshu.com/p/3a040984f…

前端附带身份凭证的请求，所以服务器Access-Control-Allow-Origin 不能设为 *
Access-Control-Allow-Credentials: true
就不能设置Access-Control-Allow-Origin:'*'

试了一下，去掉 Access-Control-Allow-Credentials: true，还是报错

2、来源：www.jianshu.com/p/4263a038a…

// 在nginx1.12版本之上使用以下的方式来解决跨域方式

location /xxx/{
         if ($request_method = 'OPTIONS') {
            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            add_header 'Access-Control-Allow-Headers' '*';
            add_header 'Access-Control-Max-Age' 1728000;
            add_header 'Content-Type' 'text/plain charset=UTF-8';
            add_header 'Content-Length' 0;
            return 200;
        }
        if ($request_method = 'POST') {
            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            add_header 'Access-Control-Allow-Headers' '*';
        }
        if ($request_method = 'GET') {
            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            add_header 'Access-Control-Allow-Headers' '*';
        }
        
        alias /xxx/;
 }

试了一下，可以正常访问

3、来源：blog.csdn.net/qq_40739917…

修改如下：

add_header 'Access-Control-Allow-Origin' '*' always;
if ($request_method = 'OPTIONS') {
   return 204;
}

可以正常访问

No 'Access-Control-Allow-Origin' .. set mode to 'no-cors' .. with CORS disabled

问题

解决