我有一个主域和一个子域(Mautic Is Installed),不幸的是,如果在子域中设置Mautic,我有一个跨域HTTP请求问题。当我加载example.com时,我在Safari控制台得到以下错误:
Failed to load resource: Origin https://example.com is not allowed by Access-Control-Allow-Origin. XMLHttpRequest cannot load https://subdomain.example.com/mtc.
Origin https://example.com is not allowed by Access-Control-Allow-Origin.
出于安全原因,这是有意义的。
所以,我添加头集Access-Control-Allow-Origin: https://example.com
到https://subdomain.example.com /etc/httpd/conf/httpd.conf
文件。感谢MDN上关于CORS的这篇文章。但是,现在我得到以下错误:
Failed to load resource: Credentials flag is true, but Access-Control-Allow-Credentials is not "true".
MLHttpRequest cannot load https://subdomain.example.com/mtc. Credentials flag is true, but Access-Control-Allow-Credentials is not "true".
然后,将header set Access-Control-Allow-Credentials: true
添加到/etc/httpd/conf/httpd.conf
文件中。但是我仍然得到一个错误:
Failed to load resource: Request header field X-Requested-With is not allowed by Access-Control-Allow-Headers.
XMLHttpRequest cannot load https://subdomain.example.com/mtc. Request header field X-Requested-With is not allowed by Access-Control-Allow-Headers
这就是我被困住的地方,有人能帮帮我吗?提前感谢。
我找到了解决这个问题的方法。您需要做的是设置Origin、Headers和Credentials。我想念"标题"。部分,我没有在我的httpd.conf
中指定。下面是完整的配置:
Header set Access-Control-Allow-Origin: https://example.com
Header set Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept"
Header set Access-Control-Allow-Credentials true