Cannot be set on the “access-control-allow-origin”

Blog.csdn.net

When allowCredentials is true, AllowedOrigins cannot contain the special value “* “Since that cannot be set on the” access-control-allow-origin” response header. To allow credentials to a set of origins, The list of them explicitly or consider using”allowedOriginPatterns “instead.

AllowedOrigins instead of.allowedoriginPatterns.

Modify before:

@Configuration
public class WebMvcConfig implements WebMvcConfigurer {

    /** * Enable cross-domain */
    @Override
    public void addCorsMappings(CorsRegistry registry) {
        // Enable cross-domain routing
        registry.addMapping("/ * *")
                // Set the domain name that allows cross-domain requests
                .allowedOrigins("*")
                // Whether to allow cookies
                .allowCredentials(true)
                // Set the allowed methods
                .allowedMethods("*")
                // Cross-domain allowed time
                .maxAge(3600); }}Copy the code

Revised:

@Configuration
public class WebMvcConfig implements WebMvcConfigurer {

    /** * Enable cross-domain */
    @Override
    public void addCorsMappings(CorsRegistry registry) {
        // Enable cross-domain routing
        registry.addMapping("/ * *")
                // Set the domain name that allows cross-domain requests
                .allowedOriginPatterns("*")
                // Whether to allow cookies
                .allowCredentials(true)
                // Set the allowed methods
                .allowedMethods("*")
                // Cross-domain allowed time
                .maxAge(3600); }}Copy the code