I am a rookie. I also read a lot of http materials on the Internet, but I only saw what he wrote, but I didn"t understand what he meant again.

problem is this: currently the cross-domain problem is solved by setting Access-Control-Allow-Origin: * at the back end (I don"t understand the back end)! The front end all requests the interface through ajax. Today, call the download file API to find the browser prompt "No "Access-Control-Allow-Origin" header is present on the requested resource.". Origin" http://localhost:9000" is therefore not allowed access". The following is a screenshot of the request:

the request was successful and the data was obtained, but why is it still prompted to cross-domain? And all the other interfaces are fine, except this one.
then I compared the response headers of other interfaces. All the other interface response headers have information about Access-Control-Allow-xxxx, including Access-Control-Allow-Origin:*;, and this interface response header has nothing! If I didn"t request the successful data and didn"t get it, I probably thought the backend didn"t set up to allow me to access this domain, but right now. I don"t know what"s going on. The Book of Heaven. This is, this is as foolish as finding a farmer"s uncle in the farmland to explain to him the construction of aircraft carriers.

my understanding is that this cross-domain is still intercepted by the browser. Although your backend returns data, the browser homology policy (because there is no Access-Control-Allow-Origin:*) still considers that cross-domain, so it will not trigger the success, of ajax. Then the problem arises again. If Access-xxx is not set at the backend, I should not be able to request it. It"s even less possible to get the data, so if it"s set. Where"s Access-xxx?

I have a junior high school education. I hope my seniors can explain the whole issue in an easy-to-understand way. Thank you very much!