“同源”之间的区别是什么?和“无人”用于JavaScript的Fetch API? [英] What's the difference between "same-origin" and "no-cors" for JavaScript's Fetch API?
问题描述
我认为相同的起源并不代表CORS,反之亦然。 JavaScript的Fetch API的模式选项的两个选项有什么区别?
I thought same origin implies no CORS, and vice-versa. What's the difference between the two options for JavaScript's Fetch API's mode option?
此外,在规格中,它说:
Also, in the specs, it says:
即使默认请求模式是no-cors,标准也是b $ b,因此不鼓励将其用于新功能。相反,
不安全。
Even though the default request mode is "no-cors", standards are highly discouraged from using it for new features. It is rather unsafe.
为什么不安全?来源: https://fetch.spec.whatwg.org/#requests
Why is it unsafe? Source: https://fetch.spec.whatwg.org/#requests
推荐答案
使用同源,您只能对您的来源执行请求,否则请求将导致错误。
With same-origin you can perform requests only to your origin, otherwise the request will result in an error.
使用 no-cors ,您可以对其他来源执行请求,即使他们没有设置需要CORS标题,但您将获得不透明响应。
With no-cors, you can perform requests to other origins, even if they don't set the required CORS headers, but you'll get an opaque response.
您可以在MDN上阅读更多信息: https:// developer.mozilla.org/en-US/docs/Web/API/Request/mode 和https://developer.mozilla.org/en-US/docs/Web/API/Response/type 。
You can read more on MDN: https://developer.mozilla.org/en-US/docs/Web/API/Request/mode and https://developer.mozilla.org/en-US/docs/Web/API/Response/type.
这篇关于“同源”之间的区别是什么?和“无人”用于JavaScript的Fetch API?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
