没有响应标头时允许CORS Access-Control-Allow-Origin
[英]CORS allowed when no response header Access-Control-Allow-Origin
问题描述
I'm able to send post/put/delete to my localhost even though the response headers doesn't include "Access-Control-Allow-Origin" , I'm using chrome so my question: 
我可以将post / put / delete发送到我的本地主机,即使响应头不包含“ Access-Control-Allow-Origin”,我也在使用chrome,所以我的问题是:
1- will requests from different site allowed if no "Access-Control-Allow-Origin" returned ? 1-如果没有返回“ Access-Control-Allow-Origin”,是否允许来自其他站点的请求?
2- why the request worked on my local host , the browser sent the following headers in request : 2-为什么请求在我的本地主机上有效,浏览器在请求中发送了以下标头:
Origin: http://localhost:8080 来源: http:// localhost:8080
or the browsers ignore the response header "Access-Control-Allow-Origin" when it's the same origin ? 还是浏览器忽略源相同的响应标头“ Access-Control-Allow-Origin”?
1 个解决方案
解决方案1
1 已采纳 2018-11-09 11:07:49
will requests from different site allowed if no "Access-Control-Allow-Origin" returned ?
A POST request, all else being equal, will be allowed, but the Same Origin Policy will prevent JS from reading the response. 在所有其他条件相同的情况下,将允许POST请求,但Same Origin Policy将阻止JS读取响应。
PUT and DELETE requests require a Preflight request to receive permission from CORS first, so the requests will be blocked. PUT和DELETE请求需要一个Preflight请求才能首先从CORS接收许可,因此将阻止该请求。
why the request worked on my local host
The Same Origin Policy doesn't block access when the request is from the same origin. 当请求来自相同来源时,“相同来源策略”不会阻止访问。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.