Conditions for Simple Requests in CORS

Asked 2 years ago, Updated 2 years ago, 197 views

As for the conditions for a simple request in CORS, there is the following description in MDN, but will the header (e.g., "Cookie") listed in the "forbidden header name" be a simple request?

Apart from the headers set automatically by the user agent (for example, Connection, User-Agent, or any of the other headers with names defined in the fetch spec as a "forbidden header name"), the only headers which are allowed to be fully set these issues "Feeling like the request."

https://developer.mozilla.org/ja/docs/Web/HTTP/CORS

http cors

2022-09-30 21:42

1 Answers

The headers listed in the forbidden header name are automatically added by the browser and cannot be controlled by JavaScript, and even if the headers contain forbidden header, they can be simple requests.

HTTP header layer division[1]

[1]

For the processes of fetch, there is an API layer (HTML'simg, CSS'background-image), early fetch layer, service worker layer, and network&cache layer.Accept and Accept-Language are set in the early layer (the late layer)r, are set in the network&cache layer.Developers can set headers at the API layer or in the service worker layer (typically through a request object).Developers have almost no control over forbidden heads, but can control and accept the command.

22.2.2.Headers[2]

[2]

These are forbidden so the user agent remains in full control over them. Names starting with Sec- are reserved to allow new headers to be maintained that are safe from APIs using fetch that allow control heads by developers, suchasXtRestH[XpH]

For example, the Origin header is forbidden header, but it is always in CORS requests.This also makes it clear that the argument that the headers listed in forbidden header should not be included in the header of a simple request is not valid.

3 3.2.2.HTTP requests[3]

[3]

A CORS request is an HTTP request that includes an Origin header.It cannot be relatively identified as participating in the CORS protocol as the Origin header is also included for all requests which method is the node.

Also, the Cookie header is automatically granted by the browser before sending a simple request once the Set-Cookie header sets the cookie.

Therefore, if you meet the requirements as a simple request, it becomes a simple request.

2022-09-30 21:42

If you have any answers or tips

Popular Tags
python x 4647
android x 1593
java x 1494
javascript x 1427
c x 927
c++ x 878
ruby-on-rails x 696
php x 692
python3 x 685
html x 656
Popular Questions

1022 In Java servlet, when SHA-256 sends WW-Authenticate header for digest authentication, the client does not return the result.

910 When building Fast API+Uvicorn environment with PyInstaller, console=False results in an error

587 Scrap text information after the "View More" button when searching in the Yahoo! News search window

578 Understanding How to Configure Google API Key

572 Who developed the "avformat-59.dll" that comes with FFmpeg?

© 2024 OneMinuteCode. All rights reserved.