I call b.com "s API across domains under a.com:
return HttpService.ajax({
url: config.URL_GET_GIFT,
type: "GET",
dataType: "json",
data: params,
xhrFields:{
withCredentials:true
}
});
then configure nginx to
under b.com-sharp
map $http_origin $other_domain {
default 0;
"~http://m.jd.id" http://m.jd.id;
"~https://m.jd.id" https://m.jd.id;
}
server {
listen 80;
server_name vip.jd.id;
location / {
proxy_pass http://127.0.0.1:8100/;
proxy_set_header Cookie $http_cookie;
proxy_cookie_domain localhost nginx_server;
add_header Access-Control-Allow-Origin http://a.com;
add_header Access-Control-Allow-Headers Content-Type;
add_header Access-Control-Allow-Methods GET,POST,OPTIONS;
add_header Access-Control-Allow-Credentials true;
}
}
nginx in a.com is configured as
server {
listen 80;
server_name a.id;
location / {
proxy_pass http://127.0.0.1:8097/;
}
}
at the same time, the b.com background is configured:
corsConfiguration.addAllowedOrigin("http://a.com/");
but there was an error in the console:
The value of the "Access-Control-Allow-Origin" header in the response must not be the wildcard "*" when the request"s credentials mode is "include". Origin "http://a.com" is therefore not allowed access. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
could you tell me how to solve the problem?