What if the server has to set the domain name across domains after the client in the hybrid app is allowed to send cookie?

< H2 > client code: < / H2 >

let xhr = new XMLHttpRequest();
xhr.open("post" , url , true);
xhr.withCredentials = true;
xhr.send(null);

< H2 > server: < / H2 >

header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Credentials: true");

< H2 > client error: < / H2 >

Access to XMLHttpRequest at "http://t.com/index.php" from origin "null" has been blocked by CORS policy: The value of the "Access-Control-Allow-Origin" header in the response must not be the wildcard "*" when the request"s credentials mode is "include". The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

the request header also becomes a request header without complete information:

excuse me, under the mixed app development mode, how to allow the client to carry cookie ?

App javascript php

Oct.20,2021

header('Access-Control-Allow-Origin: *');

this sentence cannot return * . It should be a specific domain name, such as

header('Access-Control-Allow-Origin: http://t.com');

Previous: When using absolute positioning, when the page content is too much, sliding down will appear a blank style, how to solve it?

Next: Rxswift self problem

MySQL Query : SELECT * FROM `codeshelper`.`v9_news` WHERE status=99 AND catid='6' ORDER BY rand() LIMIT 5
MySQL Error : Disk full (/tmp/#sql-temptable-64f5-1b3ce7e-2c35a.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
MySQL Errno : 1021
Message : Disk full (/tmp/#sql-temptable-64f5-1b3ce7e-2c35a.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
Need Help?