允许选项请求中的凭据所需的更改

Changes required to allow credentials in options requests

我一直在努力满足 CORS 要求,以便在我的选项请求中将 allowCredentials 标志设置为 true。我发现在响应中 header Access-Control-Allow-Origin 需要精确匹配请求来源的域(不仅仅是通配符)。但是,我进行了此更改,但仍然收到此错误:

"XMLHttpRequest cannot load . A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true. Origin is therefore not allowed access."

这是我的 headers:

Response Headers
Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:accept, content-type
Access-Control-Allow-Methods:HEAD,POST,GET,OPTIONS
Access-Control-Allow-Origin:http://<MyOrigin>
Access-Control-Max-Age:600
Allow:HEAD,POST,GET,OPTIONS
Connection:Keep-Alive
Content-Encoding:gzip
Content-Length:20
Content-Type:<MyContentType>
Date:Fri, 18 Sep 2015 16:19:30 GMT
Keep-Alive:timeout=5, max=99
Server:Apache
Vary:Accept-Encoding

Request Headers
Accept:*/*
Accept-Encoding:gzip, deflate, sdch
Accept-Language:<MyLanguages>
Access-Control-Request-Headers:accept, content-type
Access-Control-Request-Method:POST
Cache-Control:no-cache
Connection:keep-alive
Host:<MyOrigin>
Origin:http://<MyOrigin>
Pragma:no-cache
Referer:http://<MyOrigin>?<MyRequest>
User-Agent:<MyUserAgent> 

如您所见,我的 Access-Control-Allow-Origin 不是 通配符。我还需要进行哪些其他更改才能停止出现这些错误?

此外,我在 Chrome 和 Safari 中都遇到了这个问题,所以我认为这不是特定于浏览器的问题

access-control-allow-origin header 必须在对 POST 与 OPTIONS 配对的响应中正确设置,而不仅仅是对 OPTIONS 请求的响应。