浏览器显示的信息如下:
from origin 'http://www.docway.net' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Credentials' header in the response is '' which must be 'true' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
参考了该博主的文章:https://www.jinxiaoliang.cn/V/213.html
对odoo 的代码修改如下:
# 第一处
@http.route(
"/api/auth/token", methods=["GET","OPTIONS"], type="http", auth="none", csrf=False,cors='http://www.docway.net',
save_session=False
)
#第二处:
if request.endpoint and 'cors' in request.endpoint.routing:
self.headers.set('Access-Control-Allow-Origin', request.endpoint.routing['cors'])
self.headers.set('Access-Control-Allow-Credentials', 'true') # 改
methods = 'GET, POST'
if request.endpoint.routing['type'] == 'json':
methods = 'POST'
elif request.endpoint.routing.get('methods'):
methods = ', '.join(request.endpoint.routing['methods'])
self.headers.set('Access-Control-Allow-Methods', methods)
# 第三处:
if request.httprequest.method == 'OPTIONS' and request.endpoint and request.endpoint.routing.get('cors'):
headers = {
'Access-Control-Max-Age': 60 * 60 * 24,
'Access-Control-Allow-Headers': 'Origin, X-Requested-With, Content-Type, Accept, X-Debug-Mode'
,'Access-Control-Allow-Credentials':'true' # 改
}
return Response(status=200, headers=headers)