cross-origin HTTP request
w
https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
A resource makes a cross-origin HTTP request when it requests a resource from a different domain, or port than the one which the first resource itself serves. For example, an HTML page served from http://domain-a.com makes an <img> src
request for http://domain-b.com/image.jpg. Many pages on the web today load resources like CSS stylesheets, images and scripts from separate domains.
For security reasons, browsers restrict cross-origin HTTP requests initiated from within scripts. For example, XMLHttpRequest
and Fetch follow the same-origin policy. So, a web application using XMLHttpRequest
or Fetch could only make HTTP requests to its own domain. To improve web applications, developers asked browser vendors to allow cross-domain requests.
The Cross-Origin Resource Sharing (CORS) mechanism gives web servers cross-domain access controls, which enable secure cross-domain data transfers. Modern browsers use CORS in an API container - such as XMLHttpRequest
or Fetch - to mitigate risks of cross-origin HTTP requests.
This article is for web administrators, server developers, and front-end developers. Modern browsers handle the client-side components of cross-origin sharing, including headers and policy enforcement. But this new standard means servers have to handle new request and response headers. Another article for server developers discussing cross-origin sharing from a server perspective (with PHP code snippets) is supplementary reading.
最新文章
- SpringBoot源码解析:tomcat启动分析
- Monkey基本使用流程及测试报告分析
- Sublime Text 安装Emmet
- HashMap vs TreeMap vs Hashtable vs LinkedHashMap
- Do not to test a private method.
- (一)问候Struts2
- 解决ios双击页面上移问题
- C++中string类的使用方法
- .Net程序员学用Oracle系列(25):触发器详解
- 浅谈如何使用swfupload工具与struts2无缝相接
- Failed to decrypt protected XML node ";DTS:Password"; with error 0x8009000B ";Key not valid for use in specified state.";. You may not be authorized to access this information. This error occurs when t
- 第28月第3天 c语言读写文件
- MFC不可不会
- Android: View换切后,无法正常设置焦点或切换后TextView的虚拟键盘不弹出
- 解决*.props打开失败问题
- SSIS 更新变量
- EF5+MVC4系列(7) 后台SelectListItem传值给前台显示Select下拉框;后台Action接收浏览器传值的4种方式; 后台Action向前台View视图传递数据的四种方式(ViewDate,TempDate,ViewBag,Model (实际是ViewDate.Model传值))
- 机器学习之k-最近邻(kNN)算法
- 5.synchronized锁重入
- OLE工具套件分析OFFICE宏恶意样本
热门文章
- 远程调试 Weinre
- 轻量集群管理工具PSSH
- Effective JavaScript Item 37 认识this的隐式指向
- (2.0)Smali系列学习之Smali语法
- Discuz!X3.2修改用户名注册长度限制的方法
- powerDesigner建表时选择不同数据库类型
- The Definitive Guide To Django 2 学习笔记(七) 第四章 模板 (三)使用模板系统
- Qt之模式、非模式对话框
- linux上FTP服务器搭建
- OSX 10.8+下开启Web共享的方法 /转