网校提交第三方出现跨域问题

时间：2020-06-20 13:56:53 收藏：0 阅读：45

has been blocked by CORS policy: Request header field x-csrf-token is not allowed by Access-Control-Allow-Headers in preflight response.

因为main.js有“setRequestHeader”操作，所以需要对代码进行屏蔽修改。

文件路径：web/static-dist/app/js/main.js

搜索代码

, s.ajaxSend(function (t, e, n) {
            var o = n.url;
            o = o.split("?")[0];
            var i = $(‘[data-url="‘ + o + ‘"]‘);
            if (i.data("loading")) {
                var r = void 0;
                r = cd.loading({isFixed: i.data("is-fixed")});
                $(i.data("target") || i).html(r)
            }
            "POST" === n.type && e.setRequestHeader("X-CSRF-Token", $("meta[name=csrf-token]").attr("content"))
        })

修改为

, s.ajaxSend(function (t, e, n) {
    let patt = /vod\/upload/g;
    if (n.url, patt.test(n.url)) {
        return;
    }
    ...
}