CORS(Cross-Origin Resource Sharing 跨域资源共享)
被访问方设置响应头
// js设置 Access-Control-Allow-Origin
app.use(function (req, res, next) {
res.header("Access-Control-Allow-Origin", "*");
// code...
})
or
// 对接口设置
app.all('*', function(req, res, next) {
res.setHeader("Access-Control-Allow-Origin", "*");
res.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
// res.setHeader("Access-Control-Allow-Headers", "X-Requested-With");
res.setHeader("Access-Control-Allow-Methods","PUT,POST,GET,DELETE,OPTIONS");
res.setHeader("Content-Type", "application/json;charset=utf-8");// 对xhr请求这么设置,对表单则设置为"application/x-www-form-urlencoded"
next()
})
或者
/* html设置:*/
<header>
<meta http-equiv="Access-Control-Allow-Origin" content="*">
</header>
也可以指定允许来自某域的访问,
此处的 允许任意来源Access-Control-Allow-Origin: ”*“ 改为 指定来源Access-Control-Allow-Origin: ”www.baidu.com"