How is the cross-domain implementation of CROS OPTIONS?

read about CROS on the Internet, probably understand the flow of non-simple requests.
first Options the request, and then after the negotiation is successful, after the formal request.

nothing can be done. Do a hand-holding party
I customized two values in header for verification.

the browser reports the following cross-domain problems.

: http://111.231.56.227:12084/monitor/detailMission : CORS  CORS  "Access-Control-Allow-Headers"  "appid"  

JS Code

    var form = new FormData();
    form.append("mission_id", "245d14793c0e4f4fa936755cd558841a");

    var settings = {
        "async": true,
        "crossDomain": true,
        "url": "http://111.231.56.227:12084/monitor/detailMission",
        "method": "POST",
        "headers": {
            "appId": "0000815",
            "appSecret": "cbd88ab8822fa",
        },
        "processData": false,
        "contentType": false,
        "mimeType": "multipart/form-data",
        "data": form
    };

    $.ajax(settings).done(function (response) {
        console.log(response);
    });

PHP Action

        header("Content-type: application/json");
        header("Access-Control-Allow-Origin:*");

        if ($_SERVER["REQUEST_METHOD"] == "OPTIONS"){
            header("Access-Control-Allow-Methods:POST");
            header("Access-Control-Allow-Headers:*");
            header("Access-Control-Mas-Age:3600");
            $this->returnSuccess();
        }
        $this->checkAppIdAndSecret();
        $id = $this->getPost("mission_id");

people say that headers cannot be used *, so they change it

.
header("Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, appid, appSecret");

MethodsOPTIOHSGETPUT

Apr.16,2021

Support for wildcards in the Access-Control-Allow-Headers header was added to the living standard only in May 2016, so it may not be supported by all browsers.

Access-Control-Allow-Headers does not accept wildcards.

cors-access-control-allow-headers-wildcard-being-ignored

< H2 > add < / H2 >

pay attention to spelling mistakes. The response allows appSecert , and the request sends appSecret .


your backend header does not allow appid, appSecret.
PHP add

header("Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, appid, appSecret");

read MDN , but it doesn't say that Access-Control-Allow-Headers can use *


Access-Control-Allow-Methods to add options

.
MySQL Query : SELECT * FROM `codeshelper`.`v9_news` WHERE status=99 AND catid='6' ORDER BY rand() LIMIT 5
MySQL Error : Disk full (/tmp/#sql-temptable-64f5-1e5232e-5971b.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
MySQL Errno : 1021
Message : Disk full (/tmp/#sql-temptable-64f5-1e5232e-5971b.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
Need Help?