我已经在Spring Webocket应用程序中配置了Credentials
到false
.然而,当我请求http://192.168.7.175/api/webSocketEndPoint/info?t=17139606
时,响应状态为200.尽管如此,还是出现了CORS
个问题,并记录了以下错误:
Access to XMLHttpRequest at 'http://192.168.7.175/api/webSocketEndPoint/info?t=1713960686964' from origin 'http://192.168.7.175:9092' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Credentials' header in the response is '' which must be 'true' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
奇怪的是,当我使用fetch('http://192.168.7.175/api/webSocketEndPoint/info?t=17139606')
时,它返回200状态,没有任何CORS
个错误.我的服务器使用Spring Webocket实现,客户端使用sockJs发出请求.
是什么导致两种提出请求的方法之间的CORS
种行为存在差异?
Note: We shouldn't set 'allow-credentials' to true because of CSRF attacks, right?