跨域资源共享 (CORS) 是否区分 HTTP 和 HTTPS?

Does Cross-Origin Resource Sharing(CORS) differentiate between HTTP AND HTTPS?(跨域资源共享 (CORS) 是否区分 HTTP 和 HTTPS?)
本文介绍了跨域资源共享 (CORS) 是否区分 HTTP 和 HTTPS?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着跟版网的小编来一起学习吧!

问题描述

我有两个网站:https//:www.domain-only-uses-https.com 和 www.domain-uses-both-http-and-https.com

I have two sites : https//:www.domain-only-uses-https.com and www.domain-uses-both-http-and-https.com

现在我在前者的页面中向后者发出2个ajax GET请求,一个是

Now I am making 2 ajax GET requests in the page of the former to the later, one is

https://www.domain-uses-both-http-and-https.com/some-path  (using the HTTPS scheme) 

另一个是

http://www.domain-uses-both-http-and-https.com/some-other-path (using the HTTP scheme)

我确实将https//:www.domain-only-uses-https.com"设置为服务器www.domain-uses-"中Access-Control-Allow-Origin:"标头的值http-和-https.com".

And I DID set the "https//:www.domain-only-uses-https.com" as the value of "Access-Control-Allow-Origin:" header in the server "www.domain-uses-both-http-and-https.com ".

但现在看来 Chrome 只允许请求 1,而请求 2 被禁止.

But now it seems that only request 1 is allowed by Chrome ,but request 2 is forbidden.

所以我的问题是:Access-Control-Allow-Origin"标头是否区分 HTTP 和 HTTPS?希望我已经说清楚了..

So my question is : does the "Access-Control-Allow-Origin" header differentiate between HTTP AND HTTPS? Hope I've made myself clear..

推荐答案

是的,HTTP 和 HTTPS 的来源不同.

Yes, HTTP and HTTPS origins are different.

originhostnameportscheme 的组合.

An origin is a combination of hostname, port, and scheme.

  http://foo.example.com:8080/
  ^^^^   ^^^^^^^^^^^^^^^ ^^^^
   ||           ||        ||
 scheme      hostname    port

如果不是所有这些字段在两个资源之间都匹配,则这些资源来自不同的来源.因此,您必须明确指定资源是可以从使用 HTTP 方案的源访问还是使用 HTTPS 方案的源访问.

If not all of these fields match between two resources, then the resources are from different origins. Thus, you must expressly specify whether the resource is accessible from the origin with an HTTP scheme or the origin with an HTTPS scheme.

某些浏览器只允许 Access-Control-Allow-Origin 标头包含与每个响应一起发送的准确的一个来源(或 *);但是,您的服务器可以检测到请求的 Origin 标头并在 CORS 响应中发送相同的来源.

Some browsers only allow the Access-Control-Allow-Origin header to contain exactly one origin (or *) sent with each response; however, your server can detect the request's Origin header and send the same origin in the CORS response.

这篇关于跨域资源共享 (CORS) 是否区分 HTTP 和 HTTPS?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!

本站部分内容来源互联网,如果有图片或者内容侵犯了您的权益,请联系我们,我们会在确认后第一时间进行删除!

相关文档推荐

SCRIPT5: Access is denied in IE9 on xmlhttprequest(SCRIPT5:在 IE9 中对 xmlhttprequest 的访问被拒绝)
XMLHttpRequest module not defined/found(XMLHttpRequest 模块未定义/未找到)
Show a progress bar for downloading files using XHR2/AJAX(显示使用 XHR2/AJAX 下载文件的进度条)
How can I open a JSON file in JavaScript without jQuery?(如何在没有 jQuery 的情况下在 JavaScript 中打开 JSON 文件?)
How do I get the HTTP status code with jQuery?(如何使用 jQuery 获取 HTTP 状态码?)
quot;Origin null is not allowed by Access-Control-Allow-Originquot; in Chrome. Why?(“Access-Control-Allow-Origin 不允许 Origin null在铬.为什么?)