DWQA QuestionsCategory: ServerAfter the client in the hybrid app is allowed to send cookies, the server must set a domain name across domains?
Grey V touch asked 2 weeks ago

Client code:

let xhr = new XMLHttpRequest();
xhr.open('post' , url , true);
xhr.withCredentials = true;
xhr.send(null);

Server:

header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Credentials: true');

Client error:

Access to XMLHttpRequest at 'http://t.com/index.php' from origin 'null' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

The request header also becomes a request header without complete information
clipboard.png
Excuse me, how to allow the client to carry it under the mixed app development modecookie ??

vivi replied 2 weeks ago

The resource you want to get, the onehttp://t.com/index.phpIs it local?

vivi replied 2 weeks ago

Yeah

vivi replied 2 weeks ago

I have configured the server locally, no problem.

1 Answers
lifei6671 answered 2 weeks ago
header('Access-Control-Allow-Origin: *');

This sentence cannot be returned*, should be a specific domain name, such as:

header('Access-Control-Allow-Origin: http://t.com');
Grey V touch replied 2 weeks ago

blendappIn the development mode of,htmlAll the files are packaged into the app, that is, saved to the user’s mobile phone, and they are openedappIn fact, it isfile:///var/website/test/index.htmlIt opens in this way. So, they actually don’t have a domain name, as shown in the figure above. When they request, theiroriginField isnull

Grey V touch replied 2 weeks ago

I set it toAccess-Control-Allow-Origin: nullThere’s no problem when I’m browsing. It’s just that I’m worried about whether all browsers can access requests from local files,OriginFields are set tonull… if not, what I set on the server will have no effect.

lifei6671 replied 2 weeks ago

The mainstream ones are IOS and Android. As long as these two are OK, they should be OK. In addition, some browsers will ban itfile:///The protocol initiates an Ajax request. I haven’t done app development, so I can’t give you suggestions.