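The browser reports: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'.
Inspecting the request shows two extra request headers, Authorization and Accept. They come from src/utils/request.js in the front-end project, which applies some simple security settings to each request so that it carries security information. The source code there sets
axios.defaults.withCredentials = true
This means the client wants to send credentials with the request. That requires back-end support, and the back end's supportsCredentials is usually set to false, meaning the client is not allowed to send credentials.
Modify the back-end code: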
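protected void doFilter(HttpServletRequest req, HttpServletResponse res, FilterChain chain) throws IOException, ServletException {
    // Echo the caller's Origin instead of "*", which browsers reject for credentialed requests.
    // Note: echoing it unchecked lets any site make credentialed requests and read the response.
    res.addHeader("Access-Control-Allow-Origin", req.getHeader("Origin"));
    // Note: on credentialed requests browsers treat "*" here as a literal method name, not a wildcard.
    res.addHeader("Access-Control-Allow-Methods", "*");
    res.addHeader("Access-Control-Allow-Headers", "Accept,Authorization,DNT,Content-Type,Referer,User-Agent");
    res.addHeader("Access-Control-Allow-Credentials", "true"); // allow the client to send credentials
    chain.doFilter(req, res);
}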
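A stricter variant of the filter above, as an added example that is not from the original post: it echoes Origin only when it is on an allowlist, sends Vary: Origin, names the methods explicitly, and answers preflight requests itself. The class name, the origins in ALLOWED_ORIGINS, the method list and the use of the javax.servlet 4.0 API are assumptions.

```java
import java.io.IOException;
import java.util.Set;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical class name; register it like the original filter.
public class CorsAllowlistFilter extends HttpFilter {

    // Assumed values: replace with the origins the front end is actually served from.
    private static final Set<String> ALLOWED_ORIGINS =
            Set.of("http://localhost:8080", "https://app.example.com");

    @Override
    protected void doFilter(HttpServletRequest req, HttpServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        String origin = req.getHeader("Origin");

        // The response differs per origin, so shared caches must key on it.
        res.addHeader("Vary", "Origin");

        // Exact string match only: no prefix, suffix or regex matching on the origin.
        if (origin != null && ALLOWED_ORIGINS.contains(origin)) {
            res.setHeader("Access-Control-Allow-Origin", origin);
            res.setHeader("Access-Control-Allow-Credentials", "true");
            // With credentials, "*" is taken literally in these headers, so list the values.
            res.setHeader("Access-Control-Allow-Methods", "GET,POST,PUT,DELETE,OPTIONS");
            res.setHeader("Access-Control-Allow-Headers",
                    "Accept,Authorization,DNT,Content-Type,Referer,User-Agent");
        }

        // A preflight carries no Authorization header; answer it here so it never
        // reaches authentication logic further down the chain.
        if ("OPTIONS".equalsIgnoreCase(req.getMethod())
                && req.getHeader("Access-Control-Request-Method") != null) {
            res.setStatus(HttpServletResponse.SC_NO_CONTENT);
            return;
        }

        chain.doFilter(req, res);
    }
}
```

A request from an origin outside the allowlist gets no Access-Control-Allow-* headers, so the browser blocks the page from reading the response.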