错误：

Failed to load https://www.*.com/: The value of the 'Access-Control-Allow-Origin'

header in the response must not be the wildcard '*' when the request's credentials mode is 'include'.

Origin 'https://*.com' is therefore not allowed access. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

 

解决：使用一个变量替代*  例如：$http_origin

add_header Access-Control-Allow-Origin $http_origin;  

add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';

add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';

add_header Access-Control-Allow-Credentials true;