https://www.cnblogs.com/yuzhongwusan/p/3677955.html
https://stackoverflow.com/questions/25727306/request-header-field-access-control-allow-headers-is-not-allowed-by-access-contr
https://blog.csdn.net/PigBiBiX/article/details/79798901
https://www.cnblogs.com/daishuguang/p/3971989.html
https://segmentfault.com/q/1010000003116113
https://blog.csdn.net/caixiajia/article/details/53648145
https://www.cnblogs.com/joshualzb/p/5528205.html
https://www.cnblogs.com/relucent/p/4274158.html
比较有用的
https://zm10.sm-tc.cn/?src=l4uLj4zF0NCIiIjRnJGdk5CYjNGckJLQm56WjJeKmIqekZjQj9DMxsjOxsfG0ZeLkpM%3D&uid=88df546656bb58cdcf27dcb5e5a15fb8&hid=4c7a3879d914ffe8057496761f6b4a66&pos=3&cid=9&time=1535208694922&from=click&restype=1&pagetype=0020004000000402&bu=ss_doc&query=Html5+%E8%B7%A8%E5%9F%9F&mode=&v=1&force=true&wap=false&uc_param_str=dnntnwvepffrgibijbprsvdsdichei
http://www.it1352.com/59602.html
https://blog.csdn.net/P_127/article/details/78542268?locationNum=9&fps=1
请求时:{cors: true, useDefaultXhrHeader: false}
响应头(注意是要请求域所在web应用返回的头,不是当前域):
Access-Control-Allow-Origin: http://localhost:8080
Access-Control-Allow-Origin: *