What if the server has to set the domain name across domains after the client in the hybrid app is allowed to send cookie?

< H2 > client code: < / H2 >
let xhr = new XMLHttpRequest();
xhr.open("post" , url , true);
xhr.withCredentials = true;
xhr.send(null);
< H2 > server: < / H2 >
header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Credentials: true");
< H2 > client error: < / H2 >
Access to XMLHttpRequest at "http://t.com/index.php" from origin "null" has been blocked by CORS policy: The value of the "Access-Control-Allow-Origin" header in the response must not be the wildcard "*" when the request"s credentials mode is "include". The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

the request header also becomes a request header without complete information:

clipboard.png

excuse me, under the mixed app development mode, how to allow the client to carry cookie ?

Oct.20,2021

header('Access-Control-Allow-Origin: *');

this sentence cannot return * . It should be a specific domain name, such as

.
header('Access-Control-Allow-Origin: http://t.com');
MySQL Query : SELECT * FROM `codeshelper`.`v9_news` WHERE status=99 AND catid='6' ORDER BY rand() LIMIT 5
MySQL Error : Disk full (/tmp/#sql-temptable-64f5-1e3fb4e-43590.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
MySQL Errno : 1021
Message : Disk full (/tmp/#sql-temptable-64f5-1e3fb4e-43590.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
Need Help?