CORS (跨域资源共享)是一个系统, 包括传输的 HTTP headers, 其确定是否阻止或完成从该资源所在的域外的另一个域的网页上的受限资源的请求,。
同源安全策略( same-origin security policy)默认禁止“跨域”请求. CORS 给予Web服务器跨域访问控制, 启用安全的跨域数据传输。。.
Learn more
General knowledge
- HTTP access control (CORS) on MDN
- Cross-origin resource sharing on Wikipedia
CORS headers
Access-Control-Allow-Origin
- Indicates whether the response can be shared.
Access-Control-Allow-Credentials
- Indicates whether or not the response to the request can be exposed when the credentials flag is true.
Access-Control-Allow-Headers
- Used in response to a preflight request to indicate which HTTP headers can be used when making the actual request.
Access-Control-Allow-Methods
- Specifies the method or methods allowed when accessing the resource in response to a preflight request.
Access-Control-Expose-Headers
- Indicates which headers can be exposed as part of the response by listing their names.
Access-Control-Max-Age
- Indicates how long the results of a preflight request can be cached.
Access-Control-Request-Headers
- Used when issuing a preflight request to let the server know which HTTP headers will be used when the actual request is made.
Access-Control-Request-Method
- Used when issuing a preflight request to let the server know which HTTP method will be used when the actual request is made.
Origin
- Indicates where a fetch originates from.