let xhr = new XMLHttpRequest(); xhr.open('post' , url , true); xhr.withCredentials = true; xhr.send(null);
header('Access-Control-Allow-Origin: *'); header('Access-Control-Allow-Credentials: true');
Access to XMLHttpRequest at 'http://t.com/index.php' from origin 'null' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
The request header also becomes a request header without complete information
Excuse me, how to allow the client to carry it under the mixed app development mode
The resource you want to get, the onehttp://t.com/index.phpIs it local?
I have configured the server locally, no problem.
This sentence cannot be returned
*, should be a specific domain name, such as:
appIn the development mode of,
htmlAll the files are packaged into the app, that is, saved to the user’s mobile phone, and they are opened
appIn fact, it is
file:///var/website/test/index.htmlIt opens in this way. So, they actually don’t have a domain name, as shown in the figure above. When they request, their
I set it to
Access-Control-Allow-Origin: nullThere’s no problem when I’m browsing. It’s just that I’m worried about whether all browsers can access requests from local files,
OriginFields are set to
null… if not, what I set on the server will have no effect.
The mainstream ones are IOS and Android. As long as these two are OK, they should be OK. In addition, some browsers will ban it
file:///The protocol initiates an Ajax request. I haven’t done app development, so I can’t give you suggestions.