
CORS (Cross-origin resource sharing)

Open billfeller opened this issue 8 years ago • 0 comments

https://en.wikipedia.org/wiki/Cross-origin_resource_sharing

The CORS (Cross-origin resource sharing) standard describes new HTTP headers which provide browsers and servers a way to request remote URLs only when they have permission. Although some validation and authorization can be performed by the server, it is generally the browser's responsibility to support these headers and honor the restrictions they impose.

In the CORS architecture, the ACAO (Access-Control-Allow-Origin) header is set by the external web service (bar.com), not by the original web application server (foo.com). CORS allows the external web service to authorise the web application to use its services; it does not control which external services the web application accesses. For the latter, Content Security Policy should be used (connect-src directive).

[Figure: CORS Server Flows]

Recommended reading:

  1. Using CORS

billfeller, Aug 24 '16 02:08
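The split of responsibilities described above (bar.com sets ACAO, foo.com sets CSP `connect-src`), sketched as an added example that is not part of the original issue. The allowlist, the function names and the simplified `connect-src` matcher are assumptions made for illustration; real CSP source matching also handles schemes, wildcards and paths.

```javascript
// Added example: constructed origins, not taken from any real deployment.
// bar.com (the external service) decides which origins may read its responses.
const BAR_ALLOWED_ORIGINS = new Set(["https://foo.com"]); // assumed allowlist
const BAR_ALLOWED_METHODS = ["GET", "POST"];              // assumed methods

// Returns the CORS response headers bar.com would attach to one request.
// requestHeaders uses lower-case header names, as Node's http module does.
function barCorsHeaders(method, requestHeaders) {
  const origin = requestHeaders["origin"];
  // Always vary on Origin so caches never serve one origin's answer to another.
  const headers = { "Vary": "Origin" };
  if (!origin || !BAR_ALLOWED_ORIGINS.has(origin)) {
    return headers; // no ACAO: the browser withholds the response from the page
  }
  // Echo the exact allowlisted origin; never use prefix or substring matching.
  headers["Access-Control-Allow-Origin"] = origin;
  const preflightMethod = requestHeaders["access-control-request-method"];
  if (method === "OPTIONS" && preflightMethod &&
      BAR_ALLOWED_METHODS.includes(preflightMethod)) {
    headers["Access-Control-Allow-Methods"] = BAR_ALLOWED_METHODS.join(", ");
  }
  return headers;
}

// foo.com (the web application) restricts where its own pages may connect.
function fooCspHeader(allowedServices) {
  return "connect-src 'self' " + allowedServices.join(" ");
}

// Minimal model of the browser's connect-src check for fetch/XHR from a page.
// Only exact origins and 'self' are modelled here.
function cspAllowsConnect(csp, pageOrigin, targetUrl) {
  const sources = csp.replace(/^connect-src\s+/, "").split(/\s+/);
  const target = new URL(targetUrl).origin;
  return sources.some(s => (s === "'self'" ? target === pageOrigin : s === target));
}
```

A request from foo.com to bar.com succeeds only when both checks pass: foo.com's CSP lets the page connect, and bar.com's ACAO lets the page read the response.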