问题
Although the OPTIONS returns * for Allow-Headers I'm getting the following CORS response.
Access to XMLHttpRequest at
'https://example1.com'from origin'https://example2.net'has been blocked by CORS policy: Request header field x-requested-with is not allowed by Access-Control-Allow-Headers in preflight response.
While the OPTION request looks like this:
Request Method: OPTIONS
Status Code: 204
Request headers:
Access-Control-Request-Headers: x-requested-with
Access-Control-Request-Method: POST
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36
Response headers:
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: GET,POST
access-control-max-age: 86400
content-length: 0
content-type: text/plain charset=UTF-8
date: Wed, 12 Jun 2019 05:03:06 GMT
status: 204
回答1:
I was facing the same issue with Firefox and IE but not in chrome. Instead of setting the access-control-allow-headers: * add a comma separated list of the headers allowed like this Authorization,Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers it worked for me through a filter
来源:https://stackoverflow.com/questions/56556415/access-control-allow-headers-is-being-ignored