关于移动应用程序和Web应用程序之间的CORS [英] about CORS between mobile application and web application
问题描述
我从Web应用程序 fetch api时遇到了CORS错误.奇怪的是,当我使用 POSTMAN 和移动应用程序(iOs& Android)获取相同的API时,不会发生该问题.这就是为什么我要让我的后端/服务器工程师打开CORS我的Web应用程序IP地址的原因.但我担心,当他问我为什么 POSTMAN &移动应用甚至可以不通过网络应用调用该API.
I encountered CORS error that when I fetch api from my web application. Oddly, that problem not occurred when I fetch that same API with POSTMAN and Mobile App (iOs & Android). That's why I'm about to talk my backend/server engineer to open CORS my web app IP address. But I'm concerned that I have no answer to explain him when he ask me why POSTMAN & Mobile App can be able to call that API even not web app.
无法加载 http://xxx.xxx.xxx.xx:8082/外部/access_token :对预检请求的响应未通过访问控制检查:否请求中存在"Access-Control-Allow-Origin"标头资源.因此,不允许使用来源" http://127.0.0.1:8080 "使用权.响应的HTTP状态码为500.如果响应不透明满足您的需求,将请求的模式设置为"no-cors"以获取禁用了CORS的资源.
Failed to load http://xxx.xxx.xxx.xx:8082/external/access_token: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8080' is therefore not allowed access. The response had HTTP status code 500. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
请让我知道我该怎么解释他.
Please let me know how should I explain him.
推荐答案
CORS是一种安全措施,旨在防止网页向除页面之外的其他域发出请求(除非服务器说没问题).
CORS is a security measure designed to prevent web pages from making requests to domains OTHER THAN THE DOMAIN THE PAGE WAS RECEIVED FROM (unless the server says it's ok).
Postman不会从一个来源加载网页,而不会向另一个来源发出API请求.CORS在这里没有意义.移动应用程序也是如此.没有网页从一个来源加载并试图向另一个来源发出请求.
Postman does not load a web page from one source and make API requests to another source. CORS does not make sense here. The same goes for mobile apps. No webpage loaded from one source and trying to make requests to another source.
https://en.wikipedia.org/wiki/Cross-origin_resource_sharing
这篇关于关于移动应用程序和Web应用程序之间的CORS的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
