热门标签
热门文章
- 1java静态变量和成员变量的区别_java中静态变量和成员变量的区别
- 2HarmonyOS开发30:TextField文本输入框组件基本用法_某harmonyos开发者在开发一款应用时 需要设置文本输入框初始状态下不能被输入
- 3glance image-create上传镜像失败,报Error finding address for http:_glance创建镜像出错
- 4vscode + vite + vue3 + ts + eslint + stylelint 代码自动格式化_vite lintonsave
- 5IntelliJ IDEA 2023.2安装与激活_idea 2023.2激活
- 6水泥领域智慧工厂物联网解决方案
- 7数据库的基本概念
- 8GCC编译原理——链接_gcc 重定位 链接原理
- 9MapWindow GIS二次开发
- 10adb正常,但Android Studio 找不到所连接的真机设备或虚拟机的问题解决办法_android studio adb devices能读到设备,但是运行那里不显示
当前位置: article > 正文
前后端分离常见跨域问题及解决方法_has been blocked by cors policy: request header fi
作者:IT小白 | 2024-03-29 10:03:03
赞
踩
has been blocked by cors policy: request header field authorization is not a
1、has been blocked by CORS policy: Request header field authorization is not allowed by Access-Control-Allow-Headers in preflight response.
原因:跨域的allow_headers没有设置authorization
"allow_headers": ["Referer", "Accept", "Origin", "User-Agent"]
- 1
解决方法,加个Authorization就可以
"allow_headers": ["Referer", "Accept", "Origin", "User-Agent", "Authorization"]
- 1
2、has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: The value of the ‘Access-Control-Allow-Credentials’ header in the response is ‘’ which must be ‘true’ when the request’s credentials mode is ‘include’. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
原因:Access-Control-Allow-Credentials设置为True, Control-Allow-Origin就不能为"*"。
解决方法:
(1)前端配置withCredentials=true, 后端把Origin设置为指定源,同时加上Credentials=true
http {
server {
listen 80;
server_name localhost;
修改为
add_header 'Access-Control-Allow-Origin' 'host:port';
add_header "Access-Control-Allow-Credentials" "true"; # 新增这一个
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
}
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
(2) 前端配置withCredentials=false, 后端把Origin不修改
3、出现多个origin, has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: The ‘Access-Control-Allow-Origin’ header contains multiple values ‘http://192.168.3.46:9528, *’, but only one is allowed.
原因:可能是出现重复配置跨域导致。我出现这个原因因为nginx和flask两个都配置了跨域请求,导致一个出现这种情况
下面是我配置信息:
# falsk配置信息
cors = CORS(resources={
r"*": {
"origins": "*",
"methods": ["PUT", "GET", "POST", "DELETE", "OPTIONS"],
"allow_headers": ["Referer", "Accept", "Origin", "User-Agent", "Token"],
}
})
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
# nginx配置信息
http {
server {
listen 80;
server_name localhost;
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
location / {
proxy_pass http://flask_app:8000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
}
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
解决方法:两个保留其中一个就可以
声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/IT小白/article/detail/335219
推荐阅读
相关标签
