启动 server.js, server2.js 访问 http://localhost:8080/, 会读取 test.html 内容,在 test.html 中跨域访问 http://localhost:8888/ ,允许 跨域访问主要在被访问的服务的 response head 中设置相应属性。
head |
meaning |
sample |
Access-Control-Allow-Origin |
允许跨域的 url |
http://localhost:8080, * 表示任意 url |
Access-Control-Allow-Headers |
允许跨域的 headers |
需要在 请求的 heder 中携带 |
Access-Control-Allow-Methods |
允许跨域的 method |
GET, POST, PUT, DELETE … |
Access-Control-Max-Age |
不再对跨域限制最大时间,不再发送 OPTION 方法预处理 (preflight) |
单位是 s, 例如 1000 表示 1000s |
server.js
1 2 3 4 5 6 7 8 9 10 11 12 13 14
| const http = require('http') const fs = require('fs')
http .createServer((request, response) => { const html = fs.readFileSync('./test.html', 'utf8') response.writeHead(200, { 'Content-Type': 'text/html' }) response.end(html) }) .listen(8080, () => { console.log('server is listening on 8080') })
|
test.html
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30
| <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <meta http-equiv="X-UA-Compatible" content="ie=edge" /> <title>test</title> </head> <body> <h1>Test CORS</h1>
<script> fetch('http://127.0.0.1:8888', { method: 'GET', headers: { 'X-Test-CORS': '666' } }).then(console.log) </script>
</body> </html>
|
server2.js
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
| const http = require('http')
http .createServer((request, response) => { response.writeHead(200, { 'Access-Control-Allow-Origin': 'http://localhost:8080', 'Access-Control-Allow-Headers': 'X-Test-CORS', 'Access-Control-Allow-Methods': 'GET', 'Access-Control-Max-Age': '1000' }) response.end('hello, http') }) .listen(8888, () => { console.log('server is listening on 8888') })
|