Open phymo opened 3 years ago
`Connection`, `User-Agent`, or the other headers defined in the Fetch spec as a forbidden header name), the only headers which are allowed to be manually set are those which the Fetch spec defines as a CORS-safelisted request-header, which are: `Accept`, `Accept-Language`, `Content-Language`, `Content-Type` (`application/x-www-form-urlencoded` / `multipart/form-data` / `text/plain`)

The request sends the `Origin` header, and the response sends `Access-Control-Allow-Origin` to control access.

For a request with cookies, the response must include `Access-Control-Allow-Credentials: true`; if not, the response is ignored.

Access-Control-Allow-Origin: <origin> | *
Access-Control-Expose-Headers: <header-name>[, <header-name>]*
Access-Control-Max-Age: <delta-seconds>
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: <method>[, <method>]*
Access-Control-Allow-Headers: <header-name>[, <header-name>]*

Origin: Note that in any access control request, the Origin header is always sent.
Access-Control-Request-Method
Access-Control-Request-Headers: <field-name>[, <field-name>]*
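
As an added example (not part of the original notes), this shows how a server can derive the response headers listed above from the request's `Origin`, `Access-Control-Request-Method` and `Access-Control-Request-Headers`, using an exact-match origin allowlist. The policy values, the origins and the function name `corsResponseHeaders` are constructed for illustration.

```javascript
// Added example: POLICY, corsResponseHeaders and the origins are constructed.
const POLICY = {
  origins: new Set(["https://app.example.com"]), // exact-match allowlist
  methods: ["GET", "POST", "PUT"],
  headers: ["content-type", "x-request-id"],     // request headers accepted in preflight
  expose: ["X-Request-Id"],
  credentials: true,
  maxAge: 600,
};

function corsResponseHeaders(req, policy = POLICY) {
  // Header names are case-insensitive, so normalise them first.
  const h = Object.fromEntries(
    Object.entries(req.headers).map(([k, v]) => [k.toLowerCase(), v]));
  const origin = h["origin"];
  // No Origin, or an origin that is not allowlisted: emit no CORS headers,
  // so the browser does not expose the response to the calling page.
  if (!origin || !policy.origins.has(origin)) return { Vary: "Origin" };

  const out = {
    // Echo the matched origin instead of "*": browsers reject "*"
    // when the request carries credentials (cookies).
    "Access-Control-Allow-Origin": origin,
    Vary: "Origin", // the response differs per origin, so caches must key on it
  };
  if (policy.credentials) out["Access-Control-Allow-Credentials"] = "true";

  const isPreflight =
    req.method === "OPTIONS" && "access-control-request-method" in h;
  if (!isPreflight) {
    out["Access-Control-Expose-Headers"] = policy.expose.join(", ");
    return out;
  }
  // Preflight: check the requested method and headers against the policy.
  const wantMethod = h["access-control-request-method"];
  const wantHeaders = (h["access-control-request-headers"] || "")
    .split(",").map((s) => s.trim().toLowerCase()).filter(Boolean);
  if (!policy.methods.includes(wantMethod) ||
      !wantHeaders.every((n) => policy.headers.includes(n))) {
    return { Vary: "Origin" }; // preflight fails: no allow headers at all
  }
  out["Access-Control-Allow-Methods"] = policy.methods.join(", ");
  out["Access-Control-Allow-Headers"] = policy.headers.join(", ");
  out["Access-Control-Max-Age"] = String(policy.maxAge);
  return out;
}
```
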
https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS https://juejin.cn/post/6844904055148380173 https://jakearchibald.com/2021/cors/