{"id":536,"date":"2016-08-25T13:15:47","date_gmt":"2016-08-25T13:15:47","guid":{"rendered":"65658fde58ab3c2b6e5132a39fae7cb9"},"modified":"2016-08-25T13:15:47","modified_gmt":"2016-08-25T13:15:47","slug":"","status":"publish","type":"post","link":"https:\/\/www.xiaobo.li\/notes\/archives\/536","title":{"rendered":"(CORS)Cross-origin resource sharing"},"content":{"rendered":"<p><b><span style=\"font-size:18px;\" class=\"mw-headline\" id=\"How_CORS_works\">How CORS works:<\/span><\/b><\/p>\n<p><span class=\"mw-headline\" id=\"How_CORS_works\">https:\/\/upload.wikimedia.org\/wikipedia\/commons\/c\/ca\/Flowchart_showing_Simple_and_Preflight_XHR.svg<\/span><\/p>\n<p><a target=\"_blank\" href=\"https:\/\/developer.mozilla.org\/zh-CN\/docs\/Web\/HTTP\/Access_control_CORS\"><\/a><a href=\"\/notes\/content\/uploadfile\/201608\/09dd1472102500.png\" target=\"_blank\" id=\"ematt:472\"><img decoding=\"async\" src=\"\/notes\/content\/uploadfile\/201608\/82661472102500.png\" alt=\"\u70b9\u51fb\u67e5\u770b\u539f\u56fe\" border=\"0\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n<p><b><span style=\"font-size:14px;\">\u53c2\u8003\uff1a<\/span><\/b><\/p>\n<p><a target=\"_blank\" href=\"https:\/\/developer.mozilla.org\/zh-CN\/docs\/Web\/HTTP\/Access_control_CORS\">https:\/\/developer.mozilla.org\/zh-CN\/docs\/Web\/HTTP\/Access_control_CORS<\/a><\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p><b><span style=\"font-size:14px;\">\u7b80\u5355\u8bf7\u6c42\uff1a<\/span><\/b><\/p>\n<p>\u7b80\u5355\u6307\uff1a<\/p>\n<ul>\n<li>\u53ea\u4f7f\u7528 GET, HEAD \u6216\u8005 POST \u8bf7\u6c42\u65b9\u6cd5\u3002\u5982\u679c\u4f7f\u7528 POST \u5411\u670d\u52a1\u5668\u7aef\u4f20\u9001\u6570\u636e\uff0c\u5219\u6570\u636e\u7c7b\u578b(Content-Type)\u53ea\u80fd\u662f <code>application\/x-www-form-urlencoded<\/code>, <code>multipart\/form-data \u6216 text\/plain<\/code>\u4e2d\u7684\u4e00\u79cd\u3002<\/li>\n<li>\u4e0d\u4f1a\u4f7f\u7528\u81ea\u5b9a\u4e49\u8bf7\u6c42\u5934\uff08\u7c7b\u4f3c\u4e8e X-Modified \u8fd9\u79cd\uff09\u3002<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<pre>GET \/resources\/public-data\/ HTTP\/1.1\r\nHost: bar.other\r\nUser-Agent: Mozilla\/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1b3pre) \r\nGecko\/20081130 Minefield\/3.1b3pre\r\nAccept: text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8\r\nAccept-Language: en-us,en;q=0.5\r\nAccept-Encoding: gzip,deflate\r\nAccept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\nConnection: keep-alive\r\nReferer: http:\/\/foo.example\/examples\/access-control\/simpleXSInvocation.html\r\nOrigin: http:\/\/foo.example\r\n\r\n\r\nHTTP\/1.1 200 OK\r\nDate: Mon, 01 Dec 2008 00:23:53 GMT\r\nServer: Apache\/2.0.61 \r\nAccess-Control-Allow-Origin: *\r\nKeep-Alive: timeout=2, max=100\r\nConnection: Keep-Alive\r\nTransfer-Encoding: chunked\r\nContent-Type: application\/xml<\/pre>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p><b><span style=\"font-size:14px;\">\u9884\u8bf7\u6c42\uff1a<\/span><\/b><\/p>\n<pre>OPTIONS \/resources\/post-here\/ HTTP\/1.1\r\nHost: bar.other\r\nUser-Agent: Mozilla\/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1b3pre) \r\nGecko\/20081130 Minefield\/3.1b3pre\r\nAccept: text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8\r\nAccept-Language: en-us,en;q=0.5\r\nAccept-Encoding: gzip,deflate\r\nAccept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\nConnection: keep-alive\r\nOrigin: http:\/\/foo.example\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: X-PINGOTHER\r\n\r\n\r\nHTTP\/1.1 200 OK\r\nDate: Mon, 01 Dec 2008 01:15:39 GMT\r\nServer: Apache\/2.0.61 (Unix)\r\nAccess-Control-Allow-Origin: http:\/\/foo.example\r\nAccess-Control-Allow-Methods: POST, GET, OPTIONS\r\nAccess-Control-Allow-Headers: X-PINGOTHER\r\nAccess-Control-Max-Age: 1728000\r\nVary: Accept-Encoding, Origin\r\nContent-Encoding: gzip\r\nContent-Length: 0\r\nKeep-Alive: timeout=2, max=100\r\nConnection: Keep-Alive\r\nContent-Type: text\/plain\r\n\r\nPOST \/resources\/post-here\/ HTTP\/1.1\r\nHost: bar.other\r\nUser-Agent: Mozilla\/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1b3pre)\r\n&nbsp;Gecko\/20081130 Minefield\/3.1b3pre\r\nAccept: text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8\r\nAccept-Language: en-us,en;q=0.5\r\nAccept-Encoding: gzip,deflate\r\nAccept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\nConnection: keep-alive\r\nX-PINGOTHER: pingpong\r\nContent-Type: text\/xml; charset=UTF-8\r\nReferer: http:\/\/foo.example\/examples\/preflightInvocation.html\r\nContent-Length: 55\r\nOrigin: http:\/\/foo.example\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n\r\n\r\nHTTP\/1.1 200 OK\r\nDate: Mon, 01 Dec 2008 01:15:40 GMT\r\nServer: Apache\/2.0.61 (Unix)\r\nAccess-Control-Allow-Origin: http:\/\/foo.example\r\nVary: Accept-Encoding, Origin\r\nContent-Encoding: gzip\r\nContent-Length: 235\r\nKeep-Alive: timeout=2, max=99\r\nConnection: Keep-Alive\r\nContent-Type: text\/plain<\/pre>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p><b><span style=\"font-size:14px;\">\u9644\u5e26\u51ed\u8bc1\u4fe1\u606f\u7684\u8bf7\u6c42\uff1a<\/span><\/b><\/p>\n<pre>var invocation = new XMLHttpRequest();\r\nvar url = 'http:\/\/bar.other\/resources\/credentialed-content\/';\r\n    \r\nfunction callOtherDomain(){\r\n  if(invocation) {\r\n    invocation.open('GET', url, true);\r\n    invocation.withCredentials = true;\r\n    invocation.onreadystatechange = handler;\r\n    invocation.send(); \r\n  }\r\n\r\nGET \/resources\/access-control-with-credentials\/ HTTP\/1.1\r\nHost: bar.other\r\nUser-Agent: Mozilla\/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1b3pre) \r\nGecko\/20081130 Minefield\/3.1b3pre\r\nAccept: text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8\r\nAccept-Language: en-us,en;q=0.5\r\nAccept-Encoding: gzip,deflate\r\nAccept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\nConnection: keep-alive\r\nReferer: http:\/\/foo.example\/examples\/credential.html\r\nOrigin: http:\/\/foo.example\r\nCookie: pageAccess=2\r\n\r\n\r\nHTTP\/1.1 200 OK\r\nDate: Mon, 01 Dec 2008 01:34:52 GMT\r\nServer: Apache\/2.0.61 (Unix) PHP\/4.4.7 mod_ssl\/2.0.61 OpenSSL\/0.9.7e \r\nmod_fastcgi\/2.4.2 DAV\/2 SVN\/1.4.2\r\nX-Powered-By: PHP\/5.2.6\r\nAccess-Control-Allow-Origin: http:\/\/foo.example\r\nAccess-Control-Allow-Credentials: true\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nSet-Cookie: pageAccess=3; expires=Wed, 31-Dec-2008 01:34:53 GMT\r\nVary: Accept-Encoding, Origin\r\nContent-Encoding: gzip\r\nContent-Length: 106\r\nKeep-Alive: timeout=2, max=100\r\nConnection: Keep-Alive\r\nContent-Type: text\/plain<\/pre>\n<p><b><span style=\"color:#e53333;\">\u7279\u522b\u6ce8\u610f: <\/span><\/b>\u7ed9\u4e00\u4e2a\u5e26\u6709withCredentials\u7684\u8bf7\u6c42\u53d1\u9001\u54cd\u5e94\u7684\u65f6\u5019,\u670d\u52a1\u5668\u7aef\u5fc5\u987b\u6307\u5b9a\u5141\u8bb8\u8bf7\u6c42\u7684\u57df\u540d,\u4e0d\u80fd\u4f7f\u7528'*'.<\/p>\n<p>\n.<\/p>\n","protected":false},"excerpt":{"rendered":"<p><b><span style=\"font-size:18px;\" class=\"mw-headline\" id=\"How_CORS_works\">How CORS works:<\/span><\/b><\/p>\n<p><span class=\"mw-headline\" id=\"How_CORS_works\">https:\/\/upload.wikimedia.org\/wikipedia\/commons\/c\/ca\/Flowchart_showing_Simple_and_Preflight_XHR.svg<\/span><\/p>\n<p><a href=\"\/notes\/content\/uploadfile\/201608\/09dd1472102500.png\" target=\"_blank\" id=\"ematt:472\"><img decoding=\"async\" src=\"\/notes\/content\/uploadfile\/201608\/82661472102500.png\" alt=\"\u70b9\u51fb\u67e5\u770b\u539f\u56fe\" border=\"0\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n<p><b><span style=\"font-size:14px;\">\u53c2\u8003\uff1a<\/span><\/b><\/p>\n<p><a target=\"_blank\" href=\"https:\/\/developer.mozilla.org\/zh-CN\/docs\/Web\/HTTP\/Access_control_CORS\">https:\/\/developer.mozilla.org\/zh-CN\/docs\/Web\/HTTP\/Access_control_CORS<\/a><\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p><b><span style=\"font-size:14px;\">\u7b80\u5355\u8bf7\u6c42\uff1a<\/span><\/b><\/p>\n<p>\u7b80\u5355\u6307\uff1a<\/p>\n<ul>\n<li>\u53ea\u4f7f\u7528 GET, HEAD \u6216\u8005 POST \u8bf7\u6c42\u65b9\u6cd5\u3002\u5982\u679c\u4f7f\u7528 POST \u5411\u670d\u52a1\u5668\u7aef\u4f20\u9001\u6570\u636e\uff0c\u5219\u6570\u636e\u7c7b\u578b(Content-Type)\u53ea\u80fd\u662f <code>application\/x-www-form-urlencoded<\/code>, <code>multipart\/form-data \u6216 text\/plain<\/code>\u4e2d\u7684\u4e00\u79cd\u3002<\/li>\n<li>\u4e0d\u4f1a\u4f7f\u7528\u81ea\u5b9a\u4e49\u8bf7\u6c42\u5934\uff08\u7c7b\u4f3c\u4e8e X-Modified \u8fd9\u79cd\uff09\u3002<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<pre>GET \/resources\/public-data\/ HTTP\/1.1\r\nHost: bar.other\r\nUser-Agent: Mozilla\/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1b3pre) \r\nGecko\/20081130 Minefield\/3.1b3pre\r\nAccept: text\/html,application\/xhtml+...<\/pre>\n<p> <a href=\"https:\/\/www.xiaobo.li\/notes\/archives\/536\">\u7ee7\u7eed\u9605\u8bfb <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[300],"tags":[257],"class_list":["post-536","post","type-post","status-publish","format-standard","hentry","category-http","tag-cors"],"_links":{"self":[{"href":"https:\/\/www.xiaobo.li\/notes\/wp-json\/wp\/v2\/posts\/536","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.xiaobo.li\/notes\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.xiaobo.li\/notes\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.xiaobo.li\/notes\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.xiaobo.li\/notes\/wp-json\/wp\/v2\/comments?post=536"}],"version-history":[{"count":0,"href":"https:\/\/www.xiaobo.li\/notes\/wp-json\/wp\/v2\/posts\/536\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.xiaobo.li\/notes\/wp-json\/wp\/v2\/media?parent=536"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.xiaobo.li\/notes\/wp-json\/wp\/v2\/categories?post=536"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.xiaobo.li\/notes\/wp-json\/wp\/v2\/tags?post=536"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}