[英]Purge X-CSRF-TOKEN for visitors to fix XMLHttpRequest being blocked by CORS policy
我刚刚将网站从一台主机切换到另一台主机,由于某些原因,在尝试访问第三方API时遇到以下多个错误
Access to XMLHttpRequest at 'https://externalwebsite.com/api/' from origin 'https://www.mainwebsite.com.au' has been blocked by CORS policy: Request header field x-xsrf-token is not allowed by Access-Control-Allow-Headers in preflight response.
.htaccess文件具有CORS策略,以允许以下连接:
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "*"
</IfModule>
我可以看到旧主机设置了以下cookie,当我在系统上删除它们时,它使网站能够正常工作:
XSRF-TOKEN 1551054855|ZxDIR_16hNnw .www.mainwebsite.com
hs 1333923782 .www.mainwebsite.com
svSession 253f275579e7747b6495ca6ff45ba024da3bd3b36906f5ac14b709de48792403faf1d3bbff2205d92d2e9a8de90d4b101e60994d53964e647acf411e4f798bcd4c6094311de4bdfbf81f1c6cdfaa3e9de1f5fc736f232b0c584f30f1f7d232d9 .www.mainwebsite.com
我如何包含一些PHP或Javascript来清除那些加载了该网站的人的cookie,从而使其正常加载给那些过去访问该网站的人?
如果您能给我更多有关前端框架的信息,我会更清楚地说明。
可能的解决方案:在页面上加载添加脚本以删除Cookie
$(window).load(function() {
$.cookies.del('name_of_your_cookie');
});
现在将删除cookie,只需添加一个read cookie命令和一个条件即可检查cookie是否旧并且需要删除。
您可以使用document.cookie读取cookie并进行分析以检查键值。
如有任何查询,请Ping我:)
全局添加X-CSRF-Token标头到XMLHttpRequest()的所有实例;
[英]Adding X-CSRF-Token header globally to all instances of XMLHttpRequest();
调用 reddit api 以获取访问令牌被 CORS 策略阻止
[英]Calling reddit api to get access token is being blocked by CORS policy
XMLHttpRequest已被CORS策略阻止-https://openid-connect-eu.onelogin.com/oidc/token
[英]XMLHttpRequest has been blocked by CORS policy - https://openid-connect-eu.onelogin.com/oidc/token
如何修复“对 XMLHttpRequest 的访问已被 CORS 策略阻止”重定向不允许仅用于一条预检请求
[英]how to fix 'Access to XMLHttpRequest has been blocked by CORS policy' Redirect is not allowed for a preflight request only one route
Docker:对 XMLHttpRequest 的访问已被 CORS 策略阻止
[英]Docker: Access to XMLHttpRequest has been blocked by CORS policy
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.