w

https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS

A resource makes a cross-origin HTTP request when it requests a resource from a different domain, or port than the one which the first resource itself serves. For example, an HTML page served from http://domain-a.com makes an <img> src request for http://domain-b.com/image.jpg. Many pages on the web today load resources like CSS stylesheets, images and scripts from separate domains.

For security reasons, browsers restrict cross-origin HTTP requests initiated from within scripts. For example, XMLHttpRequest and Fetch follow the same-origin policy. So, a web application using XMLHttpRequest or Fetch could only make HTTP requests to its own domain. To improve web applications, developers asked browser vendors to allow cross-domain requests.

The Cross-Origin Resource Sharing (CORS) mechanism gives web servers cross-domain access controls, which enable secure cross-domain data transfers. Modern browsers use CORS in an API container - such as XMLHttpRequest or Fetch - to mitigate risks of cross-origin HTTP requests.

This article is for web administrators, server developers, and front-end developers. Modern browsers handle the client-side components of cross-origin sharing, including headers and policy enforcement. But this new standard means servers have to handle new request and response headers. Another article for server developers discussing cross-origin sharing from a server perspective (with PHP code snippets) is supplementary reading.

最新文章

  1. SpringBoot源码解析:tomcat启动分析
  2. Monkey基本使用流程及测试报告分析
  3. Sublime Text 安装Emmet
  4. HashMap vs TreeMap vs Hashtable vs LinkedHashMap
  5. Do not to test a private method.
  6. (一)问候Struts2
  7. 解决ios双击页面上移问题
  8. C++中string类的使用方法
  9. .Net程序员学用Oracle系列(25):触发器详解
  10. 浅谈如何使用swfupload工具与struts2无缝相接
  11. Failed to decrypt protected XML node &quot;DTS:Password&quot; with error 0x8009000B &quot;Key not valid for use in specified state.&quot;. You may not be authorized to access this information. This error occurs when t
  12. 第28月第3天 c语言读写文件
  13. MFC不可不会
  14. Android: View换切后,无法正常设置焦点或切换后TextView的虚拟键盘不弹出
  15. 解决*.props打开失败问题
  16. SSIS 更新变量
  17. EF5+MVC4系列(7) 后台SelectListItem传值给前台显示Select下拉框;后台Action接收浏览器传值的4种方式; 后台Action向前台View视图传递数据的四种方式(ViewDate,TempDate,ViewBag,Model (实际是ViewDate.Model传值))
  18. 机器学习之k-最近邻(kNN)算法
  19. 5.synchronized锁重入
  20. OLE工具套件分析OFFICE宏恶意样本

热门文章

  1. 远程调试 Weinre
  2. 轻量集群管理工具PSSH
  3. Effective JavaScript Item 37 认识this的隐式指向
  4. (2.0)Smali系列学习之Smali语法
  5. Discuz!X3.2修改用户名注册长度限制的方法
  6. powerDesigner建表时选择不同数据库类型
  7. The Definitive Guide To Django 2 学习笔记(七) 第四章 模板 (三)使用模板系统
  8. Qt之模式、非模式对话框
  9. linux上FTP服务器搭建
  10. OSX 10.8+下开启Web共享的方法 /转