• <small id='FAXcf'></small><noframes id='FAXcf'>

  • <legend id='FAXcf'><style id='FAXcf'><dir id='FAXcf'><q id='FAXcf'></q></dir></style></legend>
    <tfoot id='FAXcf'></tfoot>

      1. <i id='FAXcf'><tr id='FAXcf'><dt id='FAXcf'><q id='FAXcf'><span id='FAXcf'><b id='FAXcf'><form id='FAXcf'><ins id='FAXcf'></ins><ul id='FAXcf'></ul><sub id='FAXcf'></sub></form><legend id='FAXcf'></legend><bdo id='FAXcf'><pre id='FAXcf'><center id='FAXcf'></center></pre></bdo></b><th id='FAXcf'></th></span></q></dt></tr></i><div id='FAXcf'><tfoot id='FAXcf'></tfoot><dl id='FAXcf'><fieldset id='FAXcf'></fieldset></dl></div>
          <bdo id='FAXcf'></bdo><ul id='FAXcf'></ul>
      2. CORS 和 Origin 标头?

        CORS and Origin header?(CORS 和 Origin 标头?)
          <bdo id='v2IN1'></bdo><ul id='v2IN1'></ul>

              • <i id='v2IN1'><tr id='v2IN1'><dt id='v2IN1'><q id='v2IN1'><span id='v2IN1'><b id='v2IN1'><form id='v2IN1'><ins id='v2IN1'></ins><ul id='v2IN1'></ul><sub id='v2IN1'></sub></form><legend id='v2IN1'></legend><bdo id='v2IN1'><pre id='v2IN1'><center id='v2IN1'></center></pre></bdo></b><th id='v2IN1'></th></span></q></dt></tr></i><div id='v2IN1'><tfoot id='v2IN1'></tfoot><dl id='v2IN1'><fieldset id='v2IN1'></fieldset></dl></div>
                <legend id='v2IN1'><style id='v2IN1'><dir id='v2IN1'><q id='v2IN1'></q></dir></style></legend>
                  <tbody id='v2IN1'></tbody>

              • <small id='v2IN1'></small><noframes id='v2IN1'>

                  <tfoot id='v2IN1'></tfoot>
                1. 本文介绍了CORS 和 Origin 标头?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着跟版网的小编来一起学习吧!

                  问题描述

                  限时送ChatGPT账号..

                  当我们需要调用 Ajax 请求时:

                  if(typeof XMLHttpRequest !== 'undefined') xhr = new XMLHttpRequest();别的{var 版本 = ["Microsoft.XmlHttp","MSXML2.XmlHttp","MSXML2.XmlHttp.3.0","MSXML2.XmlHttp.4.0",MSXML2.XmlHttp.5.0"];

                  我已经知道使用 XMLHttpRequest-2 ,我们可以做一个跨域请求 AND 添加 ORIGIN 标头.

                  问题:

                  • 什么时候添加了这个标题?

                    • 是否在浏览器(支持 CORS)执行请求时添加?(跨域还是非跨域?)
                    • 还是在浏览器看到"请求目标来源与当前来源不同时自动添加...

                  我的意思是:He** 是什么意思?

                  <块引用>

                  跨域 HTTP 请求有一个 Origin 标头.这个标题向服务器提供请求的来源.这个标题是受浏览器保护,不能从应用程序代码中更改.本质上,它是找到的原始属性的网络等价物关于跨文档消息传递中使用的消息事件.原始标头与较旧的referer [sic] 标头的不同之处在于,referer 是一个完整的 URL,包括路径.因为路径可能包含敏感信息,浏览器有时不会发送引用试图保护用户隐私.但是,浏览器将始终必要时发送所需的 Origin 标头.

                  解决方案

                  Origin标头

                  <块引用>

                  何时添加此标头?

                  在标头阶段,文档正文发送之前(open之后,send之前).

                  <块引用>

                  它是在浏览器(支持 CORS)发出请求时添加的吗?(跨域还是非跨域?)

                  当源与创建XMLHttpRequest的页面不匹配时添加,但也可以在同源请求中发送.

                  <块引用>

                  或者当浏览器看到"请求目标来源与当前来源不同时是否自动添加...

                  是的.

                  <块引用>

                  但是,浏览器总是会在必要时发送所需的 Origin 标头.

                  这是 XMLHttpRequest 规范的一部分;如果您正在发出跨域请求,则会在请求标头中发送一个额外的标头.这个标题是例如来源:http://www.stackoverflow.com,由遵循标准的浏览器附加,无需用户交互.

                  <小时>

                  您可以在 MozillaWiki 的安全部分中阅读有关规范的更多信息,WHATWG 和 html5.组织.它是由(据我所知)FireFox 和 Google Chrome 实现的.我不相信它是 W3C 的一部分.此外不要假设源头是真实的,因为它可以通过修改后的浏览器或其他软件手动设置.

                  When we need to invoke an Ajax request we do :

                  if(typeof XMLHttpRequest !== 'undefined') xhr = new XMLHttpRequest();
                  else
                  {
                      var versions = ["Microsoft.XmlHttp",
                              "MSXML2.XmlHttp",
                              "MSXML2.XmlHttp.3.0",
                              "MSXML2.XmlHttp.4.0",
                              "MSXML2.XmlHttp.5.0"
                      ];
                  

                  I already know that using XMLHttpRequest-2 ,we can make a cross origin request AND that the ORIGIN header is added.

                  Question:

                  • When does this header added ?

                    • Is it added when a browser (that support CORS) is performing a request ? ( cross domain or non-cross-domain?)
                    • Or is it added automatically when the browser "sees" that the request target origin is different from the current origin...

                  I mean : what the He** does the bold line mean ?

                  Cross-origin HTTP requests have an Origin header. This header provides the server with the request’s origin. This header is protected by the browser and cannot be changed from application code. In essence, it is the network equivalent of the origin property found on message events used in Cross Document Messaging. The origin header differs from the older referer [sic] header in that the referer is a complete URL including the path. Because the path may contain sensitive information, the referer is sometimes not sent by browsers attempting to protect user privacy. However, the browser will always send the required Origin headers when necessary.

                  解决方案

                  The Origin header

                  When this header is added ?

                  During the header's stage, before the document's body is sent (after open, before send).

                  Is it added when a browser (that support CORS) is doing a request ? ( cross domain or non-cross-domain?)

                  It is added when the origin doesn't match the page from which the XMLHttpRequest is created, but may also be sent in a same-origin request.

                  Or does it added automatically when the browser "sees" that the request target origin is different from the current origin...

                  Yes.

                  However, the browser will always send the required Origin headers when necessary.

                  This is part of the XMLHttpRequest spec; if you're making a cross-domain request, in the request headers an extra header is sent. This header is e.g. Origin: http://www.stackoverflow.com and is appended by a standards-following browser without user interaction.


                  You can read more on the specification in MozillaWiki's Security section, WHATWG and html5.org. It is implemented by (that I know of) FireFox and Google Chrome. I don't believe it is part of W3C yet. Further do not assume the origin header is true, as it can be set manually by modified borwsers or other software.

                  这篇关于CORS 和 Origin 标头?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!

                  本站部分内容来源互联网,如果有图片或者内容侵犯了您的权益,请联系我们,我们会在确认后第一时间进行删除!

                  相关文档推荐

                  SCRIPT5: Access is denied in IE9 on xmlhttprequest(SCRIPT5:在 IE9 中对 xmlhttprequest 的访问被拒绝)
                  XMLHttpRequest module not defined/found(XMLHttpRequest 模块未定义/未找到)
                  Show a progress bar for downloading files using XHR2/AJAX(显示使用 XHR2/AJAX 下载文件的进度条)
                  How can I open a JSON file in JavaScript without jQuery?(如何在没有 jQuery 的情况下在 JavaScript 中打开 JSON 文件?)
                  How do I get the HTTP status code with jQuery?(如何使用 jQuery 获取 HTTP 状态码?)
                  quot;Origin null is not allowed by Access-Control-Allow-Originquot; in Chrome. Why?(“Access-Control-Allow-Origin 不允许 Origin null在铬.为什么?)

                    <i id='iaY8k'><tr id='iaY8k'><dt id='iaY8k'><q id='iaY8k'><span id='iaY8k'><b id='iaY8k'><form id='iaY8k'><ins id='iaY8k'></ins><ul id='iaY8k'></ul><sub id='iaY8k'></sub></form><legend id='iaY8k'></legend><bdo id='iaY8k'><pre id='iaY8k'><center id='iaY8k'></center></pre></bdo></b><th id='iaY8k'></th></span></q></dt></tr></i><div id='iaY8k'><tfoot id='iaY8k'></tfoot><dl id='iaY8k'><fieldset id='iaY8k'></fieldset></dl></div>

                        <small id='iaY8k'></small><noframes id='iaY8k'>

                          <tbody id='iaY8k'></tbody>
                        <tfoot id='iaY8k'></tfoot>

                            <bdo id='iaY8k'></bdo><ul id='iaY8k'></ul>
                          • <legend id='iaY8k'><style id='iaY8k'><dir id='iaY8k'><q id='iaY8k'></q></dir></style></legend>