CORS包含两部分验证

• 服务器端验证
• 浏览器验证

withCredentialH2

CORS请求当需要携带Cookie等敏感信息时，需要设置XMLHttpRequest.withCredential 参数，etch、axios等请求库也可以设置该参数。但是设置设置改参数后，需要服务器返回响应头Access-Control-Allow-Credentials 以表示服务器端允许跨域请求是携带相关参数

否则会报如下错误

Access to XMLHttpRequest at ’https://api-szjsc-test.anji.gov.cn/cockpit/jiaotj/service/api/69e8af318776456c9ecc3144d187f4f8/gateway/api/001008005007029/dataSharing/c5lcFeU25URZa9d6.htm’ from origin ’https://szjsc-test.anji.gov.cn’ has been blocked by CORS policy: The value of the ‘Access-Control-Allow-Credentials’ header in the response is ” which must be ‘true’ when the request’s credentials mode is ‘include’. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

FetchH2

modeH3

• no-cors: 不会发送Origin ，服务器不会当作CORS请求 https://stackoverflow.com/questions/45696999/fetch-unexpected-end-of-input