Web API-CORS的工作方式
[英]Web API - How CORS works
问题描述
Trying to understand how Web API CORS is supposed to work. 
试图了解Web API CORS应该如何工作。
If I have a Web API service at abc.com/api/MyService, shouldn't default Web API settings prevent domains other than abc.com from accessing this service? 如果我在abc.com/api/MyService上有Web API服务,默认的Web API设置是否应该阻止abc.com以外的域访问此服务?
For instance, if the service is called via SoapUI on a remote machine, shouldn't a cross-domain error be produced? 例如,如果通过远程计算机上的SoapUI调用该服务,是否不应该产生跨域错误?
1 个解决方案
解决方案1
0 2014-01-27 03:15:21
CORS is to allow/disallow JavaScript code running in a page shown by a browser to access service from other domain. CORS允许/禁止在浏览器显示的页面中运行的JavaScript代码访问其他域的服务。
Any other ways of calling service that supports CORS will continue to work as before. 支持CORS的任何其他呼叫服务方式将继续像以前一样工作。 Indeed there could be some custom code that checks CORS headers, but checking CORS headers is very unusual for applications since most don't have same origin policy enforced by browsers. 确实,可能存在一些用于检查CORS标头的自定义代码,但是对于应用程序而言,检查CORS标头是非常不寻常的,因为大多数浏览器都没有执行相同的源策略 。
So in your case it looks like you use a tool that does not have any "same origin" restrictions and thus not affected by CORS headers. 因此,在您的情况下,看起来您使用的工具没有任何“相同来源”限制,因此不受CORS标头的影响。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.