• ..

Figma

    オリジン間リソース共有 (CORS)

    いつか書く。

    Access-Control-Allow-Origin

    通信許可できる参照元オリジン名。

    Access-Control-Allow-Methods

    この通信で許可できるメソッド GET, POST, OPTIONS, PUT, PATCH, DELETE

    Access-Control-Allow-Headers

    通信時にヘッダーに含めても大丈夫な項目。

    Access-Control-Allow-Credentials

    クッキーをやり取りするかどうか。する場合はtrueを指定します。

    エラー

    Access to fetch at 'APIのURL' from origin '送信元origin' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The 'Access-Control-Allow-Origin' header has a value '送信元origin' that is not equal to the supplied origin. Have the server send the header with a valid value, or, if an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

    OPTIONSのヘッダーのAccess-Control-Allow-Originの値と実際のメソッドのヘッダーで返しているAccess-Control-Allow-Originの値が異なる。