请求报头字段X-Requested-With不被Access-Control-Allow-Headers允许.(歌珥) - Request header field X-Requested-With is not allowed by Access-Control-Allow-Headers. (CORS )

Request header field X-Requested-With is not allowed by Access-Control-Allow-Headers. (CORS )

我有一个主域和一个子域(Mautic Is Installed)，不幸的是，如果在子域中设置Mautic，我有一个跨域HTTP请求问题。当我加载example.com时，我在Safari控制台得到以下错误:

Failed to load resource: Origin https://example.com is not allowed by Access-Control-Allow-Origin. XMLHttpRequest cannot load https://subdomain.example.com/mtc.
Origin https://example.com is not allowed by Access-Control-Allow-Origin.

出于安全原因，这是有意义的。

所以，我添加头集Access-Control-Allow-Origin: https://example.com到https://subdomain.example.com /etc/httpd/conf/httpd.conf文件。感谢MDN上关于CORS的这篇文章。但是，现在我得到以下错误:

Failed to load resource: Credentials flag is true, but Access-Control-Allow-Credentials is not "true".
MLHttpRequest cannot load https://subdomain.example.com/mtc. Credentials flag is true, but Access-Control-Allow-Credentials is not "true".

然后，将header set Access-Control-Allow-Credentials: true添加到/etc/httpd/conf/httpd.conf文件中。但是我仍然得到一个错误:

Failed to load resource: Request header field X-Requested-With is not allowed by Access-Control-Allow-Headers.
XMLHttpRequest cannot load https://subdomain.example.com/mtc. Request header field X-Requested-With is not allowed by Access-Control-Allow-Headers

这就是我被困住的地方，有人能帮帮我吗?提前感谢。

我找到了解决这个问题的方法。您需要做的是设置Origin、Headers和Credentials。我想念"标题"。部分，我没有在我的httpd.conf中指定。下面是完整的配置:

Header set Access-Control-Allow-Origin: https://example.com
Header set Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept"
Header set Access-Control-Allow-Credentials true