技术文章 - CS312490
跨域资源共享 (CORS) 错误 - ThingWorx 中的“当请求凭据为‘include’时,响应中‘Access-Control-Allow-Origin’标头的值不能是通配符‘*’”
已修改: 18-Sep-2024
适用于
- ThingWorx Platform 8.3 SP7 to 9.1
说明
- 尝试使用 Web 浏览器访问 ThingWorx API 时返回以下错误,该错误不等于提供的来源
Access to XMLHttpRequest at ' URL ' (redirected from 'URL') from origin 'URL' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value
- 如何为 ThingWorx 配置 CORS
- CORS 配置已放入 Tomcat 的web.xml ( <Tomcat Home>\conf\web.xml )
- cors.allowed.origin参数配置如下
<init-param> <param-name>cors.allowed.origins</param-name> <param-value>*</param-value> </init-param>
- Chrome 开发工具控制台(F12)上出现错误:
Access to XMLHttpRequest at '<hostname>/<ThingworxAPI>/<appkey>' from origin 'null' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
From origin 'null' has been blocked by CORS policy: Request header field access-control-allow-origin is not allowed by Access-Control-Allow-Headers in preflight response.
这是文章 312490 的 PDF 版本,可能已过期。最新版本 CS312490