https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS

Cross-site HTTP requests are HTTP requests for resources from a different domain than the domain of the resource making the request.  For instance, a resource loaded from Domain A (http://domaina.example) such as an HTML web page, makes a request for a resource on Domain B (http://domainb.foo), such as an image, using the img element (http://domainb.foo/image.jpg).  This occurs very commonly on the web today — pages load a number of resources in a cross-site manner, including CSS stylesheets, images and scripts, and other resources.

Cross-site HTTP requests initiated from within scripts have been subject to well-known restrictions, for well-understood security reasons.  For example HTTP Requests made using the XMLHttpRequest object were subject to the same-origin policy.  In particular, this meant that a web application usingXMLHttpRequest could only make HTTP requests to the domain it was loaded from, and not to other domains.  Developers expressed the desire to safely evolve capabilities such as XMLHttpRequest to make cross-site requests, for better, safer mash-ups within web applications.

The Web Applications Working Group within the W3C has recommended the new Cross-Origin Resource Sharing (CORS) mechanism, which provides a way for web servers to support cross-site access controls, which enable secure cross-site data transfers.  Of particular note is that this specification is used within an API container such as XMLHttpRequest as a mitigation mechanism, allowing the crossing of the same-domain restriction in modern browsers.  The information in this article is of interest to web administrators, server developers and web developers.  Another article for server programmers discussing cross-origin sharing from a server perspective (with PHP code snippets) is supplementary reading.  On the client, the browser handles the components of cross-origin sharing, including headers and policy enforcement.  The introduction of this new capability, however, does mean that servers have to handle new headers, and send resources back with new headers.

This cross-origin sharing standard is used to enable cross-site HTTP requests for:

This article is a general discussion of Cross-Origin Resource Sharing, and includes a discussion of the HTTP headers as implemented in Firefox 3.5.

【HTTP】HTTP access control (CORS)的更多相关文章

  1. 【MongoDB】The Access control of mongodb

    In this blog we mainly talk about the access control including limitation of ip, setting listen port ...

  2. 【MVC】View与Control之间数据传递

    1. Controller向View传递数据 使用ViewData传递数据[弱类型,字典型ViewDataDictionary] ViewData[“Message_ViewData”] = “ He ...

  3. 【Leafletjs】5.L.Control 自定义一个Control

    L.Control 所有leaflet控制的基础类.继承自IControl接口. 你可以这样添加控件: control.addTo(map); // the same as map.addContro ...

  4. 【Scala】Scala之Control Structures

    一.前言 前面学习了Scala的Numbers,接着学习Scala的Control Structures(控制结构). 二.Control Structures Scala中的控制结构与Java中的颇 ...

  5. 【转载】#437 - Access Interface Members through an Interface Variable

    Onece a class implementation a particular interface, you can interact with the members of the interf ...

  6. 【APUE】Chapter12 Thread Control

    今天看了APUE的Chapter12 Thread Control的内容,记录一下看书的心得与示例code. 这一章的内容是对Chapter11 Threads(见上一篇日志)的补充,大部分内容都是理 ...

  7. 【http】【转发】HTTP访问控制(CORS)

    当一个资源从与该资源本身所在的服务器不同的域或端口请求一个资源时,资源会发起一个跨域 HTTP 请求.   比如,站点 http://domain-a.com 的某 HTML 页面通过 <img ...

  8. 【转】跨域资源共享 CORS 详解

    本文来源:http://www.ruanyifeng.com/blog/2016/04/cors.html 阮一峰老师的网络日志 CORS是一个W3C标准,全称是"跨域资源共享"( ...

  9. 【总结】C# Access 数据库 增删查改 的简单步骤

        引用集: using System.Data.OleDb; static string exePath = System.Environment.CurrentDirectory;//本程序所 ...

随机推荐

  1. 2440test 裸机測试 调试不进main 设置改动方法

           2440test没进main函数并非跑飞.bin文件已经烧写到开发板里了的 而是没选择载入文件,导致不能调试程序文件 主要设置例如以下:

  2. 2014-08-05 pig

    Pig的数据类型能够分为两种:一种是scalar类型,包含单一的value,一种是complex类型,包含有其他的类型. 对于scalar类型: int,long,float,double,chara ...

  3. Web Service实例——天气预报

    上述只是模拟了一下服务端和本地端的通信,但是却没有涉及到真正获取其他网站信息的操作.现在我们通过一个案例,是关于获取天气预报,来实际掌握该项技能. 原本可以使用MyEclipse自动生成客户端,然后很 ...

  4. Sending e-mail with Spring MVC---reference

    reference from:http://www.codejava.net/frameworks/spring/sending-e-mail-with-spring-mvc Table of con ...

  5. cookie记录浏览记录

    cookie记录浏览记录 HashMap也是我们使用非常多的Collection,它是基于哈希表的 Map 接口的实现,以key-value的形式存在.在HashMap中,key-value总是会当做 ...

  6. OC基础-day06

    #pragma mark - Day06_01_点语法 1. 点语法. 1). 如果要访问对象的属性,还要去调用属性对应的setter getter方法.好烦躁好烦躁. 2). 点语法的作用: 快速调 ...

  7. IE6 兼容问题总结

    1 IE6,IE7下设置body{overflow:hidden;}失效Bug

  8. ACM HDU 2044 一只小蜜蜂

    Problem Description 有一只经过训练的蜜蜂只能爬向右侧相邻的蜂房,不能反向爬行.请编程计算蜜蜂从蜂房a爬到蜂房b的可能路线数. 其中,蜂房的结构如下所示. Input 输入数据的第一 ...

  9. 关于A*寻路算法的认识

    最近要参加学校的APP比赛,我们组做的是一个3D迷宫的小APP,我负责的是迷宫的生成与寻路. 寻路算法选择的是A*寻路算法,具体参考的是下面的这篇博客. 本文主要是谈谈自己对A*算法的理解,具体细节, ...

  10. 原生js判断是否有某个class,如果有就删掉,没有加上

    <style> #div1 { width: 100px; height: 100px; position: absolute; } .div1 { background: red; } ...