HTTPS和HTTP CORS [英] HTTPS and HTTP CORS
问题描述
我的问题很简单,但我找不到答案而且我没有得到自己的测试。我可以从一个域到另一个HTTPS域发出HTTPS CORS请求吗?我可以从一个域到另一个HTTPS域发出HTTP CORS请求吗?我知道,我可以从一个域到另一个HTTP域执行HTTP CORS请求,但是当我使用HTTPS时,我不知道是否存在任何差异。
my questions is simple, but I can not find answer and I have not got ressourcess to test it myself. Can I make HTTPS CORS request from one domain to another HTTPS domain? Can I make HTTP CORS request from one domain to another HTTPS domain? I know, that i can do HTTP CORS request from one domain to another HTTP domain, but I do not know if there is any differences, when I use HTTPS.
谢谢,
菲利普。
推荐答案
是的,你可以。
唯一的区别是因为https是一个安全的来源,你只能拨打安全的来源,所以不能到http,浏览器会屏蔽它(请参阅混合内容)
The only difference is because https is a secure origin, you can only make call to secure origin, so not to http, the browser will block it (see mixed content)
警告:如果您允许http请求呼叫您的https网页,它将会不安全因为这意味着攻击者可以使用受害者的cookie强制要求访问您的https网页并阅读答案
Warning: If you allow http requests to call your https webpage, it will be insecure because it means an attacker can force requests to your https webpage with the cookies of a victim and read the answer
这篇关于HTTPS和HTTP CORS的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!