What is the CORS
- CORS: Cross Origin Resource Share
- Origin should not be translated as domain, but as source. Origin contains protocols such as (HTTP/HTTPS); Domain names, such as www.baidu.com; Ports, if there are any ports
- The CORS problem is caused by the fact that the XMLHttpRequest and Fetch apis in browsers adhere to the same-Origin policy, but images, JS, and CSS do not
How does CORS work
- Add Http Headers to a Simple Request and let the server describe which source can read the server’s information
- Header: access-Control-allow-origin: * will appear in the server response
- Origin: www.example.com must be included in the browser request
- But the specification forces the browser to preflight a Request but is a way of getting permission from the server through an Option Request
- The browser sends the Option request first, carrying the additional Headers:
- Access-Control-Request-Method: POST
- Access-Control-Request-Headers: X-PINGOTHER, Content-Type
- The browser sends the Option request first, carrying the additional Headers:
Server CORS configuration in Springboot
- You can configure Http Headers at either the method level or the class level with @Crossorigin
- The CorsRegistory class can be uniformly configured in the configuration class
- IO /guides/gs/ R…