我在后端已经添加了header(access-control-allow-origin:*);，但是为什么前端使用js请求时还是出现
cross-origin request blocked: the same origin policy disallows reading the remote resource at http://nichijou.org/x. (reason: cors header 'access-control-allow-origin' missing). cross-origin request blocked: the same origin policy disallows reading the remote resource at http://nichijou.org/x. (reason: cors request failed).

回复内容： 我在后端已经添加了header(access-control-allow-origin:*);，但是为什么前端使用js请求时还是出现
cross-origin request blocked: the same origin policy disallows reading the remote resource at http://nichijou.org/x. (reason: cors header 'access-control-allow-origin' missing). cross-origin request blocked: the same origin policy disallows reading the remote resource at http://nichijou.org/x. (reason: cors request failed).

很多浏览器都已经不支持使用 * 来设置 access-control-allow-origin 了，正常的做法是 header(access-control-allow-origin:.$_server['http_host']);
如果需要传递 cookie 的话还需要搭配 access-control-allow-credentials: true 这个头使用。具体可以看文档：https://developer.mozilla.org/en-us/docs/web/http/server-side_access_control
什么浏览器啊，版本号都列出来