On the problem of cross-domain

: ...  : CORS  CORS  "Access-Control-Allow-Headers"  "crypt-token"  

the problem is that the server side has been set to allow cross-domain:

clipboard.png

so what I want to ask is: why do browsers intercept requests when cross-domains are already allowed on the server side? How should I solve it? Has anyone ever had this problem?

< hr >

solution and supplement:


are you a local developer opening the page? The address is c://xxxx/index.html or something, so that even if the server is set to allow cross-domain, there will be problems


The

response header Access-Control-Allow-Headers cannot be set to *.
is this' crypt-token''a custom header? If so, you need to set Access-Control-Allow-Headers to 'crypt-token'.

Cross-domain explanation: https://www.imooc.com/learn/947 (5-14 explains the cross-domain of custom headers. The video only talks about the cross-domain approach, not the cross-domain security issues.
MySQL Query : SELECT * FROM `codeshelper`.`v9_news` WHERE status=99 AND catid='6' ORDER BY rand() LIMIT 5
MySQL Error : Disk full (/tmp/#sql-temptable-64f5-1c29c2c-3398b.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
MySQL Errno : 1021
Message : Disk full (/tmp/#sql-temptable-64f5-1c29c2c-3398b.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
Need Help?