Всем доброго!
Кака я то непонятная проблема у меня c CORS, при PUT или POST запросе, с GET - все впорядке.
На сервере express
app.put(`/requestRoute/`, async (req, res) => {
res.header("Access-Control-Allow-Origin", "*");
res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, Redirect");
res.header("Access-Control-Allow-Methods", "PUT, POST, GET, DELETE, OPTIONS");
res.header("Access-Control-Allow-Credentials", true);
res.set('Access-Control-Allow-Origin', '*');
res.set('Access-Control-Allow-Headers', 'Content-Type')
на клиенте
fetch('https://myserver/requestRoute/',{
method: 'PUT',
credentials: 'include',
headers: {
'Content-Type': 'application/json',
'Accept': 'application/json',
'Access-Control-Allow-Credentials': 'true'
},
body: JSON.stringify({ "someKey": "someVal" })
})
Даже в NGINX который проксирует все это дела добавил
add_header "Access-Control-Allow-Origin" "*";
add_header "Access-Control-Allow-Headers" "Origin, X-Requested-With, Content-Type, Accept,Authorization";
add_header "Access-Control-Request-Methods" "GET, POST, OPTIONS, PUT";
В результат роуты с GET проходят, а с PUT/POST не работают.
Уже совсем ничего не понимаю
...has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'.
Простой
Средний
