Cross-domain Ajax with Cross-Origin Resource Sharing
CORS
Cross-Origin Resource Sharing
CORS is an HTTP-based mechanism that allows a server to indicate that any other origin
CORS is a W3C draft that defines how the browser and the server communicate when accessing resources across origins.
How does it work?
1. Simple request
   1. Requirements
      - The method is one of the allowed methods: GET, HEAD, POST
      - The only headers that may be set manually are:
        - Accept
        - Accept-Language
        - Content-Language
        - Content-Type (but note the additional requirements below)
      - The only allowed values for the Content-Type header are: application/x-www-form-urlencoded, multipart/form-data, text/plain
   2. How
      - The browser sends the request with an Origin header (Origin: baidu.com)
      - The server replies with an Access-Control-Allow-Origin header (Access-Control-Allow-Origin: baidu.com)
2. Preflight request
   1. Requirements
      - The request is not a simple request
   2. How
      - Preflight
      - The browser sends a request with these headers:
        - Origin – same as in simple requests.
        - Access-Control-Request-Method – the method that the request wants to use.
        - Access-Control-Request-Headers – (Optional) a comma-separated list of the custom headers being used.

            Origin: https://humanwhocodes.com
            Access-Control-Request-Method: POST
            Access-Control-Request-Headers: NCZ

      - The server sends a response with these headers:
        - Access-Control-Allow-Origin – same as in simple requests.
        - Access-Control-Allow-Methods – a comma-separated list of allowed methods.
        - Access-Control-Allow-Headers – a comma-separated list of headers that the server will allow.
        - Access-Control-Max-Age – the amount of time in seconds that this preflight request should be cached for.

            Access-Control-Allow-Origin: https://humanwhocodes.com
            Access-Control-Allow-Methods: POST, GET
            Access-Control-Allow-Headers: NCZ
            Access-Control-Max-Age: 1728000
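The two flows above, as an added example that is not code from the original page: `isSimpleRequest` applies the simple-request requirements to decide whether a preflight is needed, and `answerPreflight` builds the server's preflight reply from an exact-match allow-list. The function names and the `POLICY` object are assumptions; the policy values are the ones in the sample headers above.

```javascript
// Added example. Names and POLICY are hypothetical; values mirror the sample headers on this page.
const SIMPLE_METHODS = new Set(["GET", "HEAD", "POST"]);
const SIMPLE_HEADERS = new Set(["accept", "accept-language", "content-language", "content-type"]);
const SIMPLE_CONTENT_TYPES = new Set([
  "application/x-www-form-urlencoded", "multipart/form-data", "text/plain"]);

// True when the request meets the simple-request requirements (no preflight needed).
function isSimpleRequest(method, headers = {}) {
  if (!SIMPLE_METHODS.has(method.toUpperCase())) return false;
  for (const [name, value] of Object.entries(headers)) {
    const key = name.toLowerCase();
    if (!SIMPLE_HEADERS.has(key)) return false;
    if (key === "content-type") {
      // Ignore parameters such as "; charset=utf-8" when comparing the media type.
      const mime = String(value).split(";")[0].trim().toLowerCase();
      if (!SIMPLE_CONTENT_TYPES.has(mime)) return false;
    }
  }
  return true;
}

// Constructed server policy: exact origins, methods and custom headers that are allowed.
const POLICY = {
  origins: new Set(["https://humanwhocodes.com"]),
  methods: ["POST", "GET"],
  headers: ["NCZ"],
  maxAge: 1728000,
};

// Returns the preflight response headers, or null when the request is not allowed.
function answerPreflight(req, policy = POLICY) {
  const origin = req["Origin"];
  const method = req["Access-Control-Request-Method"];
  const wanted = (req["Access-Control-Request-Headers"] || "")
    .split(",").map((h) => h.trim().toLowerCase()).filter(Boolean);
  const allowed = new Set(policy.headers.map((h) => h.toLowerCase()));
  // Exact string match on the origin: no substring, prefix or suffix checks.
  if (!policy.origins.has(origin)) return null;
  if (!policy.methods.includes(method)) return null;
  if (!wanted.every((h) => allowed.has(h))) return null;
  return {
    "Access-Control-Allow-Origin": origin, // echo only an origin that matched the list
    "Access-Control-Allow-Methods": policy.methods.join(", "),
    "Access-Control-Allow-Headers": policy.headers.join(", "),
    "Access-Control-Max-Age": String(policy.maxAge),
  };
}
```

A `null` result means the server should omit the Access-Control-Allow-* headers, which causes the browser to block the actual request.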