
Cross-Origin Resource Sharing (CORS)

The most important application of this OPTIONS method is Cross-Origin Resource Sharing (CORS). Initially, browser security prevented the client from making cross-origin requests. This means a site loaded from the www.foo.com URL can only make API calls to that host. If the client code needs to request files or data from www.bar.com, then the second server, bar.com, needs a mechanism to recognize foo.com and let it get its resources.

The following is the diagram depicting the CORS process:

Let's examine the steps followed in the preceding CORS diagram:

  1. foo.com requests the OPTIONS method on bar.com
  2. bar.com sends a header like Access-Control-Allow-Origin: http://foo.com in response to the client
  3. Next, foo.com can call any REST method to access the resources on bar.com without any restrictions

If bar.com is willing to supply resources to any host after one initial request, it can set Access-Control-Allow-Origin to *.

In the next section, we see why the REST API plays such a major role in the next generation of web services. SPAs made it possible to leverage APIs for all purposes, including the UI, clients, and so on.
