1. 首頁
  2. 問答
  3. Access-Control-Allow-Headers不允許請求標頭字段X-Requested-With。 (CORS)

Access-Control-Allow-Headers不允許請求標頭字段X-Requested-With。 (CORS)

2016-10-21 83 views
1

我有一個主域和子域(Mautic已安裝),不幸的是,我有一個跨來源的HTTP請求的問題,如果mautic是一個子域之內設置。當我加載example.com時,Safari控制檯中出現以下錯誤:Access-Control-Allow-Headers不允許請求標頭字段X-Requested-With。 (CORS)

Failed to load resource: Origin https://example.com is not allowed by Access-Control-Allow-Origin. XMLHttpRequest cannot load https://subdomain.example.com/mtc. 
Origin https://example.com is not allowed by Access-Control-Allow-Origin.

這對安全原因有意義。

因此,我添加標頭集Access-Control-Allow-Origin: https://example.comhttps://subdomain.example.com/etc/httpd/conf/httpd.conf文件。感謝這篇關於CORS on MDN的文章。不過,現在我得到以下錯誤:

Failed to load resource: Credentials flag is true, but Access-Control-Allow-Credentials is not "true". 
MLHttpRequest cannot load https://subdomain.example.com/mtc. Credentials flag is true, but Access-Control-Allow-Credentials is not "true".

然後,我添加header set Access-Control-Allow-Credentials: true/etc/httpd/conf/httpd.conf文件。但我仍然得到一個錯誤:

Failed to load resource: Request header field X-Requested-With is not allowed by Access-Control-Allow-Headers. 
XMLHttpRequest cannot load https://subdomain.example.com/mtc. Request header field X-Requested-With is not allowed by Access-Control-Allow-Headers

而且,這就是我堅持,有人能幫助我嗎?提前致謝。

來源

2016-10-21 Xrait

+1

不完全一樣的,這一點應該幫助:http://stackoverflow.com/questions/13146892/cors-access-control-allow-headers-wildcard-being-ignored –

回答

0

我找到解決這個問題。你需要做的是設置產地,頁眉和證書什麼。我錯過了我沒有在我的httpd.conf中指定的「標題」部分。下面是完整的配置:

Header set Access-Control-Allow-Origin: https://example.com 
Header set Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept" 
Header set Access-Control-Allow-Credentials: true

來源

2016-10-22 15:07:25 Xrait

+0

沒有工作的'的值「接入控制允許證書」在響應頭是「真,真」,這必須是「真」,當請求的憑證模式是「include'' – nodws

相關問題

 相關問題