Cross-origin restrictions exist only on the browser side, because they are created by the browser's same-origin policy. The port is part of the origin; the default port is 80 for HTTP and 443 for HTTPS.

The same-origin policy

  • Ajax same-origin policy:
  1. Pages from a different origin cannot get cookies;
  2. Pages from a different origin cannot make Ajax requests
  • DOM same-origin policy: this restricts access to the DOM from pages of a different origin

The solution

Preflight request

For non-simple cross-origin requests, the browser automatically sends an OPTIONS preflight request for you to check whether the target resource supports cross-origin requests.

A simple request must meet two conditions:

  1. The method must be one of: HEAD, GET, POST
  2. The request headers are limited to: Accept, Accept-Language, Content-Language, Content-Type. For Content-Type, only three values are allowed: application/x-www-form-urlencoded, multipart/form-data, text/plain

POST with Content-Type: application/json is also a non-simple request. In this case, you can set the Access-Control-Max-Age field on the server, so that only one OPTIONS request is issued within the cache expiration period.

Reduce the number of CORS preflight requests

Plan 1: Make the request a simple request

Plan 2: Set the Access-Control-Max-Age field on the server, so that the browser does not need to send a preflight request for the same request within the valid time. But it has limitations: the result can only be cached for the same request, not for the entire domain or for URLs matched by a pattern
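The following is an added example, not code from the original page: it applies the two simple-request conditions listed above and models the per-request limit of Access-Control-Max-Age caching. The names needsPreflight and PreflightCache, the maxAgeSeconds parameter and the cache key (method plus exact URL) are assumptions of this simplified model, not a browser API.

```javascript
// Simplified model of the browser-side preflight decision (hypothetical names).
const SIMPLE_METHODS = new Set(["HEAD", "GET", "POST"]);
const SIMPLE_HEADERS = new Set([
  "accept", "accept-language", "content-language", "content-type",
]);
const SIMPLE_CONTENT_TYPES = new Set([
  "application/x-www-form-urlencoded", "multipart/form-data", "text/plain",
]);

// Returns true when the request breaks either condition of a simple request.
function needsPreflight(method, headers = {}) {
  if (!SIMPLE_METHODS.has(method.toUpperCase())) return true;
  for (const [name, value] of Object.entries(headers)) {
    const key = name.toLowerCase();
    if (!SIMPLE_HEADERS.has(key)) return true;
    if (key === "content-type") {
      // Compare the media type only, ignoring parameters such as charset.
      const type = String(value).split(";")[0].trim().toLowerCase();
      if (!SIMPLE_CONTENT_TYPES.has(type)) return true;
    }
  }
  return false;
}

// Assumed cache model: one entry per method and exact URL, so a cached
// preflight for one URL never covers another URL on the same domain.
class PreflightCache {
  constructor() {
    this.expiry = new Map();
  }

  // maxAgeSeconds stands for the server's Access-Control-Max-Age value.
  // Returns how many OPTIONS requests this call triggers (0 or 1).
  send(url, method, headers, maxAgeSeconds, nowSeconds) {
    if (!needsPreflight(method, headers)) return 0;
    const key = `${method.toUpperCase()} ${url}`;
    const expires = this.expiry.get(key);
    if (expires !== undefined && nowSeconds < expires) return 0;
    this.expiry.set(key, nowSeconds + maxAgeSeconds);
    return 1;
  }
}
```
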