我们的志愿者还没有将这篇文章翻译为 中文 (简体)。加入我们帮助完成翻译
您也可以阅读此文章的English (US)版。
Reason
Reason: Credential is not supported if the CORS header ‘Access-Control-Allow-Origin’ is ‘*’
What went wrong?
The CORS request was attempted with the credentials flag set, but the server is configured using the wildcard ("*") as the value of Access-Control-Allow-Origin, which doesn't allow the use of credentials.
To correct this problem on the client side, simply ensure that the credentials flag's value is false when issuing your CORS request.
- If the request is being issued using
XMLHttpRequest, make sure you're not settingwithCredentialstotrue. - If using Server-sent events, make sure
EventSource.withCredentialsisfalse(it's the default value). - If using the Fetch API, make sure
Request.credentialsis"omit".
If, instead, you need to adjust the server's behavior, you'll need to change the value of Access-Control-Allow-Origin to grant access to the origin from which the client is loaded.
See also
- CORS errors
- Glossary: CORS
- CORS introduction