Please note, this is a STATIC archive of website developer.mozilla.org from 03 Nov 2016, cach3.com does not collect or store any user information, there is no "phishing" involved.

Revision 1133307 of CORS

  • 版本网址缩略名: Glossary/CORS
  • 版本标题: CORS
  • 版本 id: 1133307
  • 创建于:
  • 创建者: xgqfrms
  • 是否是当前版本?
  • 评论 CORS
标签: 

修订内容

CORS (跨域资源共享)是一个系统, 包括传输的 HTTP headers, 其确定是否阻止或完成从该资源所在的域外的另一个域的网页上的受限资源的请求,。

同源安全策略( same-origin security policy)默认禁止“跨域”请求. CORS 给予Web服务器跨域访问控制, 启用安全的跨域数据传输。。.

Learn more

General knowledge

CORS headers

{{HTTPHeader("Access-Control-Allow-Origin")}}
Indicates whether the response can be shared.
{{HTTPHeader("Access-Control-Allow-Credentials")}}
Indicates whether or not the response to the request can be exposed when the credentials flag is true.
{{HTTPHeader("Access-Control-Allow-Headers")}}
Used in response to a preflight request to indicate which HTTP headers can be used when making the actual request.
{{HTTPHeader("Access-Control-Allow-Methods")}}
Specifies the method or methods allowed when accessing the resource in response to a preflight request.
{{HTTPHeader("Access-Control-Expose-Headers")}}
Indicates which headers can be exposed as part of the response by listing their names.
{{HTTPHeader("Access-Control-Max-Age")}}
Indicates how long the results of a preflight request can be cached.
{{HTTPHeader("Access-Control-Request-Headers")}}
Used when issuing a preflight request to let the server know which HTTP headers will be used when the actual request is made.
{{HTTPHeader("Access-Control-Request-Method")}}
Used when issuing a preflight request to let the server know which HTTP method will be used when the actual request is made.
{{HTTPHeader("Origin")}}
Indicates where a fetch originates from.

Technical reference

修订版来源

 
<p><strong>CORS&nbsp;</strong>(跨域资源共享)是一个系统, 包括传输的&nbsp;<a href="/en-US/docs/Web/HTTP/Headers">HTTP headers</a>, 其确定是否阻止或完成从该资源所在的域外的另一个域的网页上的受限资源的请求,。</p>

<p>同源安全策略(&nbsp;<a href="/en-US/docs/Web/Security/Same-origin_policy">same-origin security policy</a>)默认禁止“跨域”请求.&nbsp;CORS 给予Web服务器跨域访问控制, 启用安全的跨域数据传输。。.</p>

<h2 id="Learn_more">Learn more</h2>

<h3 id="General_knowledge">General knowledge</h3>

<ul>
 <li><a href="/en-US/docs/Glossary/CORS">HTTP access control (CORS)</a> on MDN</li>
 <li>{{Interwiki("wikipedia", "Cross-origin resource sharing")}} on Wikipedia</li>
</ul>

<h3 id="CORS_headers">CORS headers</h3>

<dl>
 <dt>{{HTTPHeader("Access-Control-Allow-Origin")}}</dt>
 <dd>Indicates whether the response can be shared.</dd>
 <dt>{{HTTPHeader("Access-Control-Allow-Credentials")}}</dt>
 <dd>Indicates whether or not the response to the request can be exposed when the credentials flag is true.</dd>
 <dt>{{HTTPHeader("Access-Control-Allow-Headers")}}</dt>
 <dd>Used in response to a preflight request to indicate which HTTP&nbsp;headers can be used when making the actual request.</dd>
 <dt>{{HTTPHeader("Access-Control-Allow-Methods")}}</dt>
 <dd>Specifies the method or methods allowed when accessing the resource in response to a preflight request.</dd>
 <dt>{{HTTPHeader("Access-Control-Expose-Headers")}}</dt>
 <dd>Indicates which headers can be exposed as part of the response by listing their names.</dd>
 <dt>{{HTTPHeader("Access-Control-Max-Age")}}</dt>
 <dd>Indicates how long the results of a preflight request can be cached.</dd>
 <dt>{{HTTPHeader("Access-Control-Request-Headers")}}</dt>
 <dd>Used when issuing a preflight request to let the server know which HTTP headers will be used when the actual request is made.</dd>
 <dt>{{HTTPHeader("Access-Control-Request-Method")}}</dt>
 <dd>Used when issuing a preflight request to let the server know which <a href="/en-US/docs/Web/HTTP/Methods">HTTP method</a> will be used when the actual request is made.</dd>
 <dt>{{HTTPHeader("Origin")}}</dt>
 <dd>Indicates where a fetch originates from.</dd>
</dl>

<h3 id="Technical_reference">Technical reference</h3>

<ul>
 <li><a href="https://fetch.spec.whatwg.org">Fetch specification</a></li>
</ul>
恢复到这个版本