: ... : CORS CORS "Access-Control-Allow-Headers" "crypt-token" the problem is that the server side has been set to allow cross-domain:
so what I want to ask is: why do browsers intercept requests when cross-domains are already allowed on the server side? How should I solve it? Has anyone ever had this problem?
< hr >solution and supplement:
are you a local developer opening the page? The address is c://xxxx/index.html or something, so that even if the server is set to allow cross-domain, there will be problems
response header Access-Control-Allow-Headers cannot be set to *.
is this' crypt-token''a custom header? If so, you need to set Access-Control-Allow-Headers to 'crypt-token'.
Cross-domain explanation: https://www.imooc.com/learn/947 (5-14 explains the cross-domain of custom headers. The video only talks about the cross-domain approach, not the cross-domain security issues.
Previous: Prompt "RegisterModelWithPrefix must be run before BootStrap"
Next: Uncaught TypeError: Cannot read property 'core' of undefined?