No 'Access-Control-Allow-Origin' .. set mode to 'no-cors' .. with CORS disabled

·  阅读 46

问题

request 请求统一增加请求头参数 Username,有一处访问静态文件也用的request请求,结果报错如下,其他接口不报错,去掉 Username 也不报错

Access to fetch at 'http://a1.xx.com.cn/' from origin 'http://a.xx.com.cn' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: **No 'Access-Control-Allow-Origin' header** is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

解决

1、来源:www.jianshu.com/p/3a040984f…

前端附带身份凭证的请求,所以服务器Access-Control-Allow-Origin 不能设为 *
Access-Control-Allow-Credentials: true
就不能设置Access-Control-Allow-Origin:'*'
复制代码

试了一下,去掉 Access-Control-Allow-Credentials: true,还是报错

2、来源:www.jianshu.com/p/4263a038a…

// 在nginx1.12版本之上使用以下的方式来解决跨域方式

location /xxx/{
         if ($request_method = 'OPTIONS') {
            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            add_header 'Access-Control-Allow-Headers' '*';
            add_header 'Access-Control-Max-Age' 1728000;
            add_header 'Content-Type' 'text/plain charset=UTF-8';
            add_header 'Content-Length' 0;
            return 200;
        }
        if ($request_method = 'POST') {
            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            add_header 'Access-Control-Allow-Headers' '*';
        }
        if ($request_method = 'GET') {
            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            add_header 'Access-Control-Allow-Headers' '*';
        }
        
        alias /xxx/;
 }
复制代码

试了一下,可以正常访问

3、来源:blog.csdn.net/qq_40739917…

修改如下:

add_header 'Access-Control-Allow-Origin' '*' always;
if ($request_method = 'OPTIONS') {
   return 204;
}
复制代码

可以正常访问

分类:
后端
标签:
收藏成功!
已添加到「」, 点击更改