新的跨越域CORS [英] new to cross domain CORS
问题描述
我是新来的这件事情,所以有一些问题,我想仰视一堆有关CORS网站后问。
I am new to this thing, so there is some questions I wanted to ask after looking up bunch of site that related to CORS.
首先,可以说我有 http://domain1.com 具有Ajax调用的 http://domain2.com ,我抬头上的 http://enable-cors.org/server.html 它说,我必须添加
First of all, lets say i have http://domain1.com that has a ajax call to http://domain2.com, I look up on http://enable-cors.org/server.html it say that I will have to add
Access-Control-Allow-Origin: *
这回答我的页眉或添加此设置的web.config对我的应用程序的根目录,但我很困惑,我要补充的响应头域1或域2应用程序?我的猜测是添加到域2,但我不能肯定,因为我没有必要的事情来测试它。
this response to my page header or add this setting to web.config on the root directory of my application, but I was confused, should I add the response header to domain1 or domain2 application? My guess was add to domain2, but I cannot be sure because I don't have the required things to test it.
此外,如果domain2.com均HTTPS,意味着我从http打电话到https,将这个工作的?
Furthermore, what if domain2.com were in https, means I am calling from http to https, will this works?
和怎么样IE?
推荐答案
您应该添加它 http://domain2.com 一>,因为<一href=\"https://developer.mozilla.org/en-US/docs/HTTP/Access_control_CORS?redirectlocale=en-US&redirectslug=HTTP_access_control#Access-Control-Allow-Origin\"相对=nofollow>访问控制允许来源是权限 http://domain1.com 摆脱 http://domain2.com 信息。
需要注意的是(*)标志表示该域允许访问给大家,所以你必须要小心这一点。更好的选择是:
You should add it on http://domain2.com because Access-Control-Allow-Origin is permission for http://domain1.com to get information from http://domain2.com. Note that (*) symbol means that domain allows access to everyone, so you need to be careful with that. Better option would be:
Access-Control-Allow-Origin: http://domain1.com
这工作的优良IE和HTTPS:
It work fine for IE and for https:
Access-Control-Allow-Origin: http://domain1.com, https://domain1.com
以获取更多信息一看<一个href=\"https://developer.mozilla.org/en-US/docs/HTTP/Access_control_CORS?redirectlocale=en-US&redirectslug=HTTP_access_control\"相对=nofollow>这里。
这篇关于新的跨越域CORS的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!