How is the cross-domain implementation of CROS OPTIONS?

read about CROS on the Internet, probably understand the flow of non-simple requests.
first Options the request, and then after the negotiation is successful, after the formal request.

nothing can be done. Do a hand-holding party
I customized two values in header for verification.

the browser reports the following cross-domain problems. 

: http://111.231.56.227:12084/monitor/detailMission : CORS  CORS  "Access-Control-Allow-Headers"  "appid"

JS Code 

    var form = new FormData();
    form.append("mission_id", "245d14793c0e4f4fa936755cd558841a");

    var settings = {
        "async": true,
        "crossDomain": true,
        "url": "http://111.231.56.227:12084/monitor/detailMission",
        "method": "POST",
        "headers": {
            "appId": "0000815",
            "appSecret": "cbd88ab8822fa",
        },
        "processData": false,
        "contentType": false,
        "mimeType": "multipart/form-data",
        "data": form
    };

    $.ajax(settings).done(function (response) {
        console.log(response);
    });

PHP Action 

        header("Content-type: application/json");
        header("Access-Control-Allow-Origin:*");

        if ($_SERVER["REQUEST_METHOD"] == "OPTIONS"){
            header("Access-Control-Allow-Methods:POST");
            header("Access-Control-Allow-Headers:*");
            header("Access-Control-Mas-Age:3600");
            $this->returnSuccess();
        }
        $this->checkAppIdAndSecret();
        $id = $this->getPost("mission_id");

people say that headers cannot be used *, so they change it

. 
header("Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, appid, appSecret");

MethodsOPTIOHSGETPUT

Http php javascript
Apr.16,2021
Support for wildcards in the Access-Control-Allow-Headers header was added to the living standard only in May 2016, so it may not be supported by all browsers.

Access-Control-Allow-Headers does not accept wildcards.

cors-access-control-allow-headers-wildcard-being-ignored

< H2 > add < / H2 >

pay attention to spelling mistakes. The response allows appSecert , and the request sends appSecret .

your backend header does not allow appid, appSecret.
PHP add 

header("Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, appid, appSecret");

read MDN , but it doesn't say that Access-Control-Allow-Headers can use *

Access-Control-Allow-Methods to add options

.

Previous: Phpmailer uses to send letters to many people, but there is a problem with the title.

Next: How quilljs inserts a custom dom structure

css mysql arrays josn react html typescript webpack npm sass R objective-c .net sql-server jquery python-3.x angularjs django angular excel regex iphone ajax linux xml pandas vba spring database wordpress string wpf xcode windows bash postgresql oracle multithreading eclipse list firebase algorithm macos forms image scala visual-studio azure bootstrap spring-boot react-native python-2.7 docker performance function winforms matlab powershell apache dataframe api sqlite numpy rest shell selenium flutter dart maven loops qt swing android-studio csv express file class tensorflow sorting codeigniter perl
MySQL Query : SELECT * FROM `codeshelper`.`v9_news` WHERE status=99 AND catid='6' ORDER BY rand() LIMIT 5
MySQL Error : Disk full (/tmp/#sql-temptable-64f5-1b3739f-2b5c4.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
MySQL Errno : 1021
Message : Disk full (/tmp/#sql-temptable-64f5-1b3739f-2b5c4.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
Need Help?