Front-end separated development encounters cross-domain problems
the backend needs session verification, and
the front end uses
xhrFields : {
withCredentials: true
},
crossDomain : true,
backend configuration
put the backend into the session of cookie and pass it over.
two solutions have been tried:
one.
the backend sets Access-Control-Allow-Origin to * and Access-Control-Allow-Credentials to true, but both chrome and Firefox report wrong because the front end sets withCredentials: true.
II.
the backend sets Access-Control-Allow-Origin to the specific IP address and port number of the frontend. Firefox accesses normally, and the backend can get session normally, but the chrome browser is blocked, the requestHeader is not displayed, and the backend does not get session.
now the front end is debugged by modifying the chrome browser attribute (--args-- disable-web-security-- user-data-dir). Will this cross-domain problem continue after the product is launched? If the same as the test can not allow users to change the configuration wow, I would like to ask you whether there is a way to solve, thank you.