Skip to main content

CORS

  • fetch cookie 跨域需要请求时设置 credentials: include
    • 要求服务端返回 Access-Control-Allow-Credentials: true
    • 否则不会 set-cookie

Preflight 请求

Origin:Access-Control-Request-Method:Access-Control-Request-Headers: POST

Preflight 响应

Vary: OriginVary: Access-Control-Request-MethodVary: Access-Control-Request-HeadersAccess-Control-Allow-Origin: http://127.0.0.1:3000Access-Control-Allow-Methods: POSTAccess-Control-Allow-Credentials: trueAccess-Control-Max-Age: 300Access-Control-Expose-Headers: X-Page,X-Page-Size,X-Total,X-Total-Pages