'Access-Control-Allow-Origin' must not be the wildcard'*' - Codes Helper - Programming Question Answer

'Access-Control-Allow-Origin' must not be the wildcard'*'

I call b.com "s API across domains under a.com:

return HttpService.ajax({
    url: config.URL_GET_GIFT,
    type: "GET",
    dataType: "json",
    data: params,
    xhrFields:{
        withCredentials:true
    }
});

then configure nginx to

under b.com

-sharp
map $http_origin $other_domain {
    default  0;
    "~http://m.jd.id" http://m.jd.id;
    "~https://m.jd.id" https://m.jd.id;
}

server {
    listen 80;
    server_name vip.jd.id;

    
    location / {
        proxy_pass http://127.0.0.1:8100/;

        proxy_set_header Cookie $http_cookie;
        proxy_cookie_domain localhost nginx_server;
        add_header Access-Control-Allow-Origin http://a.com;
        add_header Access-Control-Allow-Headers Content-Type;
        add_header Access-Control-Allow-Methods GET,POST,OPTIONS;
        add_header Access-Control-Allow-Credentials true;
    }
}

nginx in a.com is configured as
server {

listen 80;
server_name a.id;

location / {
    proxy_pass http://127.0.0.1:8097/;
}

}

at the same time, the b.com background is configured:

corsConfiguration.addAllowedOrigin("http://a.com/");

but there was an error in the console:

The value of the "Access-Control-Allow-Origin" header in the response must not be the wildcard "*" when the request"s credentials mode is "include". Origin "http://a.com" is therefore not allowed access. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

could you tell me how to solve the problem?

Cross-domain javascript

Sep.08,2021

Cross-domain if you want to bring cookie, Access-Control-Allow-Origin , you cannot set it to * . You need to specify a specific domain name .
in other words:
Access-Control-Allow-Credentials: true and Access-Control-Allow-Origin: * cannot be used at the same time.

The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard' * 'when the request's credentials mode is' include'. Origin' http://a.com' is therefore not allowed access. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

do not write clearly, do not allow *, then you can write a specific domain name.

Access-Control-Allow-Origin should be written as the specified domain name, not *

Previous: Ask for help, why can't this append display?

Next: How to regroup the queried data?

Cross-domain carrying problem of cookie
currently I have an interface with the address a.com and the page requests b.com . Using CORS to cross-domain, the data is fine and can be returned normally, but how to pass cookie under a.com to b.com ? The request is using fetch , and creden...

Cross-domain javascript

Mar.03,2021
The cross-domain problem of canvas toDataURL is set to crossOrigin = 'anonymous', which does not completely solve the problem.
Today, I wrote an H5 that generates a poster on WeChat, in which a poster needs to get the user s avatar and draw it on canvas. The avatar was obtained, and the attribute crossOrigin = anonymous was added to the picture when loading. There was a pr...

Cross-domain javascript canvas

Mar.03,2021
Http page failed to send https request
http page failed to send https request with ajax. Is there a good solution? ...

Jquery php https ajax-cross-domain javascript

Mar.09,2021
AJAX sends json data PUT to request other domain problems.
using node s hapi framework, API service. Then request the API to have a cross-domain problem through ajax in a project. route.options.cors Default value: false (no CORS headers). The Cross-Origin Resource Sharing protocol allows browsers to make cro...

Ajax-cross-domain javascript node.js

Mar.23,2021
On the cross-domain problem of Cordova APP request API
when you make a cross-domain request for a normal web page, you only need to set Access-Control-Allow-Origin: domain name . However, it seems that Cordova APP is a local request on the phone without waiting for a domain name. How to set Header ...

Cordova cross-domain javascript http php

Dec.13,2021
There is a cross-domain in bootstrap table. Why is there only a 'option',' request but no successful returned link?
json.ele.bootstrapTable ({) url: json.url, columns: columns, pagination: true, strictSearch: true, cache: false, striped:true, pageList: [ all ], method: GET , contentType: application json , dataType: jsonp , jsonp: call![][1]back , ...

Bootstrap-table ajax-cross-domain javascript

Mar.24,2022
Js cross-domain problem
Today, brushing to cross-domain knowledge seems to be the homologous strategy of browsers. The solution is jsonp. I suddenly remembered whether the get I used before was also cross-domain and the domain name was different. But I can request successfully...

Cross-domain javascript

May.24,2022

Menu