Cross-Origin API

Simple cross-origin requests

For these, it is enough to set the header that allows cross-origin access:

def set_default_headers(self):
    self.set_header('Access-Control-Allow-Origin', '*')

A request that meets the conditions below is a simple request; otherwise it is not.

Simple requests

A simple cross-site request is one that meets all the following conditions:

The only allowed methods are:
    GET
    HEAD
    POST
Apart from the headers set automatically by the user agent (e.g. Connection, User-Agent, etc.), the only headers which are allowed to be manually set are:
    Accept
    Accept-Language
    Content-Language
    Content-Type
The only allowed values for the Content-Type header are:
    application/x-www-form-urlencoded
    multipart/form-data
    text/plain

Complex cross-origin requests

This covers every non-simple request, for example a POST request with Content-Type: application/json; see "CORS explained in detail".

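For a complex cross-origin request, the browser first sends an OPTIONS verification (preflight) request to check whether the server allows the real request that is about to be sent (mainly its methods and headers). If it is to be allowed, the corresponding URL needs to be configured as follows: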

def set_default_headers(self):
    self.set_header('Access-Control-Allow-Origin', '*')
    self.set_header('Access-Control-Allow-Methods', 'POST, GET, OPTIONS')
    self.set_header('Access-Control-Max-Age', 86400)  # 24 hours
    self.set_header('Access-Control-Allow-Headers', '*')
    # self.set_header('Content-type', 'application/json')

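The server can configure different cross-origin settings for different URLs; this is also a basic part of a website's security configuration.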

How a complex request proceeds

The OPTIONS request that is sent:

OPTIONS /resources/post-here/ HTTP/1.1
Host: bar.other
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1b3pre) Gecko/20081130 Minefield/3.1b3pre
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Connection: keep-alive
Origin: http://foo.example
Access-Control-Request-Method: POST
Access-Control-Request-Headers: X-PINGOTHER, Content-Type

The server's response to the OPTIONS request:

HTTP/1.1 200 OK
Date: Mon, 01 Dec 2008 01:15:39 GMT
Server: Apache/2.0.61 (Unix)
Access-Control-Allow-Origin: http://foo.example
Access-Control-Allow-Methods: POST, GET, OPTIONS
Access-Control-Allow-Headers: X-PINGOTHER, Content-Type
Access-Control-Max-Age: 86400
Vary: Accept-Encoding, Origin
Content-Encoding: gzip
Content-Length: 0
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: text/plain

After the verification succeeds, the real request is sent:

POST /resources/post-here/ HTTP/1.1
Host: bar.other
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1b3pre) Gecko/20081130 Minefield/3.1b3pre
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Connection: keep-alive
X-PINGOTHER: pingpong
Content-Type: text/xml; charset=UTF-8
Referer: http://foo.example/examples/preflightInvocation.html
Content-Length: 55
Origin: http://foo.example
Pragma: no-cache
Cache-Control: no-cache

<?xml version="1.0"?><person><name>Arun</name></person>

HTTP/1.1 200 OK
Date: Mon, 01 Dec 2008 01:15:40 GMT
Server: Apache/2.0.61 (Unix)
Access-Control-Allow-Origin: http://foo.example
Vary: Accept-Encoding, Origin
Content-Encoding: gzip
Content-Length: 235
Keep-Alive: timeout=2, max=99
Connection: Keep-Alive
Content-Type: text/plain

[Some GZIP'd payload]
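
The per-URL configuration mentioned above, applied to the sample preflight exchange, as an added example that is not code from the original page: a framework-independent function that decides which CORS headers to return for a path, whose result could be passed to `set_header` in a handler. The `POLICIES` table, the `/public/` path and the function name are assumptions made for illustration.

```python
# Added example: per-path CORS policy check (standard library only).
# POLICIES and the "/public/" path are constructed; the first entry mirrors
# the page's sample exchange between http://foo.example and bar.other.
POLICIES = {
    "/resources/post-here/": {
        "origins": {"http://foo.example"},
        "methods": {"GET", "POST", "OPTIONS"},
        "headers": {"x-pingother", "content-type"},
        "max_age": 86400,
    },
    "/public/": {"origins": {"*"}, "methods": {"GET", "HEAD"},
                 "headers": set(), "max_age": 600},
}

# Constructed from the CORS-relevant headers of the page's OPTIONS request.
PREFLIGHT = {
    "Origin": "http://foo.example",
    "Access-Control-Request-Method": "POST",
    "Access-Control-Request-Headers": "X-PINGOTHER, Content-Type",
}

def cors_headers(path, request_headers, is_preflight=False):
    """Return CORS response headers; no Allow-Origin key means refused."""
    req = {k.lower(): v for k, v in request_headers.items()}
    policy, origin = POLICIES.get(path), req.get("origin")
    if policy is None or origin is None:
        return {}
    wildcard = "*" in policy["origins"]
    # Responses that depend on Origin must say so, or caches mix them up.
    out = {} if wildcard else {"Vary": "Origin"}
    if not wildcard and origin not in policy["origins"]:
        return out
    if is_preflight:
        method = req.get("access-control-request-method", "")
        asked = req.get("access-control-request-headers", "")
        wanted = [h.strip().lower() for h in asked.split(",") if h.strip()]
        if method not in policy["methods"] or not set(wanted) <= policy["headers"]:
            return out
        out["Access-Control-Allow-Methods"] = ", ".join(sorted(policy["methods"]))
        if wanted:
            out["Access-Control-Allow-Headers"] = ", ".join(wanted)
        out["Access-Control-Max-Age"] = str(policy["max_age"])
    # Exact string match above: echo one origin, never a pattern or a list.
    out["Access-Control-Allow-Origin"] = "*" if wildcard else origin
    return out
```

Browsers reject `Access-Control-Allow-Origin: *` on requests sent with credentials, so endpoints that rely on cookies need the allowlist form rather than the wildcard.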

References

http://www.oschina.net/question/1014827_115277?sort=time

http://blog.csdn.net/wangjun5159/article/details/49096445

https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Preflighted_requests
