2019-04-14

from origin 'http://localhost:8000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

非跨域问题，解决方法 withCredentials: false

如果一定要设置为true则服务端设置

    header("Access-Control-Allow-Origin: http://localhost:8000");
或者  php      header("Access-Control-Allow-Origin: ".$_SERVER['HTTP_ORIGIN']);

        header('Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Connection, User-Agent, X-Access-Token');
        header('Access-Control-Allow-Credentials: true');
        header('Access-Control-Allow-Methods: GET, POST, HEAD, PUT, DELETE, PATCH, OPTIONS');