w

https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS

A resource makes a cross-origin HTTP request when it requests a resource from a different domain, or port than the one which the first resource itself serves. For example, an HTML page served from http://domain-a.com makes an <img> src request for http://domain-b.com/image.jpg. Many pages on the web today load resources like CSS stylesheets, images and scripts from separate domains.

For security reasons, browsers restrict cross-origin HTTP requests initiated from within scripts. For example, XMLHttpRequest and Fetch follow the same-origin policy. So, a web application using XMLHttpRequest or Fetch could only make HTTP requests to its own domain. To improve web applications, developers asked browser vendors to allow cross-domain requests.

The Cross-Origin Resource Sharing (CORS) mechanism gives web servers cross-domain access controls, which enable secure cross-domain data transfers. Modern browsers use CORS in an API container - such as XMLHttpRequest or Fetch - to mitigate risks of cross-origin HTTP requests.

This article is for web administrators, server developers, and front-end developers. Modern browsers handle the client-side components of cross-origin sharing, including headers and policy enforcement. But this new standard means servers have to handle new request and response headers. Another article for server developers discussing cross-origin sharing from a server perspective (with PHP code snippets) is supplementary reading.

cross-origin HTTP request的更多相关文章

  1. Blocking Cross Origin API request for /api/contents Creating Notebook Failed An error occurred while creating a new notebook.

    anacoda安装的jupyter,使用nginx进行了转发,远程访问可以进去,但是创建文件和创建目录都会报错 浏览器页面报错: 第一次使用jupyter创建python时错误:Creating No ...

  2. Ajax本地跨域问题 Cross origin requests are only supported for HTTP

    问题:打开本地html文件时,报错如下 Cross origin requests are only supported for protocol schemes: http, data,chrome ...

  3. jquery读取本地文件,Windows上报错。XMLHttpRequest cannot load xxx. Cross origin requests are only supported for protocol schemes: http, data, chrome, chrome-extension, https, chrome-extension-resource.k.cors.a.c

    问题: 测试报告,使用本地的json.txt文件,结果文件读取失败,报错如下: XMLHttpRequest cannot load xxx. Cross origin requests are on ...

  4. CORS (Cross Origin Resources Share) 跨域

    CORS 跨域 1 什么是跨域问题 基于安全考虑,浏览器会限制使用脚本发起任何跨域请求. 所谓的跨域请求,就是与当前页面的 http/ip/port 不一样的请求. 但在实际运用中,跨域获取数据的需求 ...

  5. nodejs报错 XMLHttpRequest cannot load localhost:3000/test_date/. Cross origin requests are only supported for protocol schemes: http, data, chrome, chrome-extension, https.

    z在请求本地的时候  如果ajax的URL 前面没有http的话 就会报错 jq.js:2 XMLHttpRequest cannot load localhost:3000/test_date/. ...

  6. Cross origin requests are only supported for protocol schemes: http, data, chrome,chrome-extension的问题

    Cross origin requests are only supported for protocol schemes: http, data, chrome,chrome-extension的问 ...

  7. 用临时用户数据目录启动Chrome,关闭安全检查等(解决Cross origin requests are only supported for HTTP?)

    Cross origin requests are only supported for HTTP? 参考:https://www.zhihu.com/question/20948649 批处理: s ...

  8. 【chrome错误】Cross origin requests are only supported for protocol schemes: http, data,chrome-extension, https, chrome-extension-reso

    使用ajax请求本地文件,chrome会报跨域错误. XMLHttpRequest cannot loadfile:///C:/Users/Li/Desktop/images/alist.json.C ...

  9. 利用 pyhon 解决 Cross Origin Requests

    在学习 ajax 时遇到了一个问题 XMLHttpRequest cannot load file:xxxxxxxx . Cross origin requests are only supporte ...

  10. 跨域问题:Cross origin requests are only supported for protocol schemes: http...

    跨域:Cross origin requests are only supported for protocol schemes: http, data, chrome, chrome-extensi ...

随机推荐

  1. Python zip Python zip函数

    zip([iterable, ...])zip()是Python的一个内建函数,它接受一系列可迭代的对象作为参数,将对象中对应的元素打包成一个个tuple(元组),然后返回由这些tuples组成的li ...

  2. Java服务CPU占用高问题定位方法

    1. 概述 提供一种简单的方法来定位CPU高的问题. 找到CPU高的进程,比如232543: 执行top -H -p pid,找到占用CPU最高的线程号,比如232544,转换成16进制38c60: ...

  3. 多线程-AbstractQueuedSynchronizer(AQS)

    概述 从使用者的角度,AQS的功能可分为两类:独占功能和共享功能.它的子类中,要么实现并使用了它独占功能的API,要么使用了共享锁的功能,而不会同时使用两套API,即使是它的子类ReentrantRe ...

  4. JS高程3:JSON

    JSON,JavaScript Object Notation,JS对象表示法,是目前最常见的传输结构化数据的数据结构. JSON并非编程语言,而是一种数据结构,像mp4.avi一样,只是一种数据格式 ...

  5. HDOJ 4884 & BestCoder#2 1002

    TIANKENG’s rice shop Time Limit: 2000/1000 MS (Java/Others)    Memory Limit: 32768/32768 K (Java/Oth ...

  6. cocoa pods 升级遇到的问题

    1. cocoa pods 升级遇到的问题 运行 sudo gem update --system 报错 Updating rubygems-update ERROR: While executing ...

  7. 关于引脚复用,不得不提的GPIO_Pin_sources 和GPIO_Pin

    今天在端口复用时遇到了困惑,参考:http://www.51hei.com/bbs/dpj-40992-1.html 调整前的代码GPIO_PinAFConfig(GPIOA,GPIO_Pin_9,G ...

  8. .net访问Oracle数据库

    使用System.Data.OracleClient访问Oracle数据库时报错 尝试加载 Oracle 客户端库时引发 BadImageFormatException.如果在安装 32 位 Orac ...

  9. 使用uGUI系统玩转标准俄罗斯方块

    使用uGUI系统玩转标准俄罗斯方块 笔者使用的Unity3D版本是4.6b17.由于一些工作上的一些事情导致制作的进度被严重滞后.笔者实际用于开发俄罗斯方块的时间,大概也就2-3天吧. 开始前的准备 ...

  10. 分析并实现 360 P1路由器上的朋友专享网络 功能

    笔者分析了360 P1路由器上的朋友专享网络功能,发现其主要由如下子功能组成: 1. APP点击“立即开启”,则路由器会多出一个新的SSID:360朋友专享网络-8463.此SSID不加密:同时,原有 ...