crossorigin属性
在HTML5中, <img>, <video> or <script>
可以跨域, 并且有crossorigin
属性,可以配置CORS(Cross-Origin Resource Sharing )请求,属性是可枚举值:
- anonymous
Requests for the element will have their mode set to "cors" and their credentials mode set to "same-origin".
- use-credentials
Requests for the element will have their mode set to "cors" and their credentials mode set to "include".
By default (that is, when the attribute is not specified), CORS is not used at all. The "anonymous" keyword means that there will be no exchange of user credentials via cookies, client-side SSL certificates or HTTP authentication as described in the Terminology section of the CORS specification, unless it is in the same origin.
如果不设置该属性,CORS
不起作用。
An invalid keyword and an empty string will be handled as the anonymous keyword.
非法字符或者为空视作anonymous
credentials mode
- "omit"
Excludes credentials from this request.
- "same-origin"
Include credentials with requests made to same-origin URLs.
- Include
Always includes credentials with this request.
Request’s credentials mode controls the flow of credentials during a fetch. When request’s mode is "navigate", its credentials mode is assumed to be "include" and fetch does not currently account for other values. If HTML changes here, this standard will need corresponding changes.