HTTPListener“凭据标志”谎言

Question

我收到错误消息：“当凭据标志为真时，不能在 'Access-Control-Allow-Origin' 标头中使用通配符。”尝试从 javascript socket.io 网页访问 c# httplistener 程序时。

我不明白的是我有以下代码设置访问控制允许凭据为 FALSE：

                // Note: The GetContext method blocks while waiting for a request. 
                HttpListenerContext context = listener.GetContext();
                UpdateListbox(PluginCore.listMain, "HTTP Client connected", true);
                HttpListenerRequest request = context.Request;
                // Obtain a response object.
                HttpListenerResponse response = context.Response;
                response.AddHeader("Access-Control-Allow-Credentials", "false");
                response.AddHeader("Access-Control-Allow-Origin", "*");
                response.AddHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS");

                // Construct a response. 
                string responseString = "Hello world!";
                byte[] buffer = System.Text.Encoding.UTF8.GetBytes(responseString);
                // Get a response stream and write the response to it.
                response.ContentLength64 = buffer.Length;
                System.IO.Stream output = response.OutputStream;
                output.Write(buffer, 0, buffer.Length);
                // You must close the output stream.
                output.Close();

这对我来说毫无意义。谁能指出我做错了什么？

Answer 1

从 JavaScript 发送的 XmlHttpRequest 不应具有 withCredentials = true; 或响应不应发送 Access-Control-Allow-Credentials 标头或其值应为 true 以便浏览器实际发送响应。这是由于 CORS 中的安全限制。 https://developer.mozilla.org/en/docs/HTTP/Access_control_CORS#Requests_with_credentials