HTTPS和HTTP CORS [英] HTTPS and HTTP CORS

问题描述

我的问题很简单，但我找不到答案而且我没有得到自己的测试。我可以从一个域到另一个HTTPS域发出HTTPS CORS请求吗？我可以从一个域到另一个HTTPS域发出HTTP CORS请求吗？我知道，我可以从一个域到另一个HTTP域执行HTTP CORS请求，但是当我使用HTTPS时，我不知道是否存在任何差异。

my questions is simple, but I can not find answer and I have not got ressourcess to test it myself. Can I make HTTPS CORS request from one domain to another HTTPS domain? Can I make HTTP CORS request from one domain to another HTTPS domain? I know, that i can do HTTP CORS request from one domain to another HTTP domain, but I do not know if there is any differences, when I use HTTPS.

谢谢，

菲利普。

推荐答案

是的，你可以。

唯一的区别是因为https是一个安全的来源，你只能拨打安全的来源，所以不能到http，浏览器会屏蔽它（请参阅混合内容）

The only difference is because https is a secure origin, you can only make call to secure origin, so not to http, the browser will block it (see mixed content)

警告：如果您允许http请求呼叫您的https网页，它将会不安全因为这意味着攻击者可以使用受害者的cookie强制要求访问您的https网页并阅读答案

Warning: If you allow http requests to call your https webpage, it will be insecure because it means an attacker can force requests to your https webpage with the cookies of a victim and read the answer

这篇关于HTTPS和HTTP CORS的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！