浏览器跨域问题
1、ajax跨域访问
https://www.cnblogs.com/cxf520/p/7101025.html
浏览器先发送请求,Http头:
Method: OPTIONS
Access-Control-Request-Headers: Content-type
Access-Control-Request-Method: POST(要正式发送的Method)
Origin:请求URL(不包含资源路径),如:http://ip:port
服务器收到OPTIONS请求后,在响应中设置http头:
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 172800
Access-Control-Credentials: true
收到正式请求,依然返回跨域的响应头。
2、iFrame跨域访问
在界面使用iFrame框架集成另一个域名的页面时,会造成跨域访问。
服务器收到请求后,设置http头:
X-Frame-Options: ALLOW-FROM http://test:8080(多个地址用空格分隔)
Content-Security-Policy: frame-ancestors http://test:8080(多个地址用空格分隔,此参数主要适配谷歌浏览器,如果不配置此参数,谷歌浏览器依然能跨域访问,但会报错)
打开F12会看到:
Invalid’X-Frame-Options’ header encountered when loading ‘http://test:8080/t.html’: ‘ALLOW-FROM http://test:8080’ is not a recognized directive. The header will be ignored.