On the problem of cross-domain

: ...  : CORS  CORS  "Access-Control-Allow-Headers"  "crypt-token"  

the problem is that the server side has been set to allow cross-domain:

clipboard.png

so what I want to ask is: why do browsers intercept requests when cross-domains are already allowed on the server side? How should I solve it? Has anyone ever had this problem?

< hr >

solution and supplement:


are you a local developer opening the page? The address is c://xxxx/index.html or something, so that even if the server is set to allow cross-domain, there will be problems


The

response header Access-Control-Allow-Headers cannot be set to *.
is this' crypt-token''a custom header? If so, you need to set Access-Control-Allow-Headers to 'crypt-token'.

Cross-domain explanation: https://www.imooc.com/learn/947 (5-14 explains the cross-domain of custom headers. The video only talks about the cross-domain approach, not the cross-domain security issues.
Menu