我的问题取决于我坚持的两个假设。
假设nr 1:起源头
浏览器要求将Origin header 放入CORS(跨源资源共享)请求中。
Wikipedia:
To initiate a cross-origin request, a browser sends the request with an Origin HTTP header.
HTML5 Rocks:
The first thing to note is that a valid CORS request always contains an Origin header. This Origin header is added by the browser, and can not be controlled by the user.
W3:
If the request URL origin is not same origin with the original URL origin, set source origin to a globally unique identifier [..].
假设2:Internet Explorer 10+支持CORS
请参阅caniuse.com,并使用google索取支持的数百种其他各种来源。
假设nr 3:不同的端口是不同的来源
使用不同端口号的资源被认为是不同来源的:
Wikipedia
Two resources are considered to be of the same origin if and only if all these values are exactly the same. [..] Failure - Same protocol and host but different port.
Mozilla Developer Network
Two pages have the same origin if the protocol, port (if one is specified), and host are the same for both pages.
问题:
向同一域“localhost”发出CORS请求但使用不同的端口(从8411到8080)时,Internet Explorer 11不会发送
Origin header 。 Opera,FireFox和Chrome确实会发送Origin header 。但是每个人都在说Internet Explorer 10+支持CORS吗?
最佳答案
Internet Explorer对“相同来源”的定义不同于其他浏览器。有关同源策略,请参见MDN文档的 IE Exceptions 部分:
Internet Explorer has two major exceptions when it comes to same origin policy:
- Trust Zones: if both domains are in highly trusted zone e.g, corporate domains, then the same origin limitations are not applied
- Port: IE doesn't include port into Same Origin components, therefore http://company.com:81/index.html and http://company.com/index.html are considered from same origin and no restrictions are applied.
因此,如果跨域请求发生在不同的端口之间,或在IE的受信任区域之一内,则IE不会将请求视为跨域请求,并且不需要添加
Origin: header 。
关于internet-explorer - Internet Explorer 11不会在CORS请求上添加Origin header 吗?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/20784209/