
Cross-Origin Resource Sharing (CORS)

The most important application of this OPTIONS method is Cross-Origin Resource Sharing (CORS). Initially, browser security prevented the client from making cross-origin requests. This means a site loaded from the www.foo.com URL can only make API calls to that host. If the client code needs to request files or data from www.bar.com, then the second server, bar.com, needs a mechanism to recognize foo.com before foo.com can get its resources.

The following is the diagram depicting the CORS process:

Let's examine the steps followed in the preceding CORS diagram:

  1. foo.com requests the OPTIONS method on bar.com
  2. bar.com sends a header like Access-Control-Allow-Origin: http://foo.com in response to the client
  3. Next, foo.com can access the resources on bar.com without any restrictions, calling any REST method

If bar.com wants to supply resources to any host after one initial request, it can set the Access-Control-Allow-Origin header to *.

In the next section, we see why the REST API plays such a major role in the next generation of web services. SPAs made it possible to leverage APIs for all purposes, including the UI, clients, and so on.
