Browser cross-domain specific processes
Browser cross-domain processing mode
Cross-domain access interface when the browser is going to access interface, but due to the impact of cross-domain, can not be returned to the front-end data acquisition.
By back-end solution
The rear end of the response data when necessary, the following needs to be added in response to the data head
Access-Control-Allow-Origin:获取请求头的Origin
Access-Control-Allow-Credentials:true
Access-Control-Allow-Methods:POST, GET, PATCH, DELETE, PUT
Access-Control-Max-Age:3600
Access-Control-Allow-Headers:Origin, X-Requested-With, Content-Type, Accept
Note: Be sure to set up (usually in the interceptor), rearward set too may be ignored (such as could not pass blocker) and is not set on before entering the back-end processes.
Principle (process) is essentially the same-origin policy
The browser is open up in response to server-side cross-domain. To be successful cross-domain, you need to set response headers before those above response data; tell your browser to accept cross-domain access. The browser will access the data back to the front-end processing; otherwise, the data is not to the front.
Note: Regardless of the browser that you do not cross-domain cross-domain will access the corresponding server-side interface, and ultimately whether or not to return to the back-end to front-end processing of data depends on the termination does not accept cross-domain access (that is, whether a corresponding response head)
Origin policy: non-authorized parties from different sources can not read each other's data.
Suggest
Not when necessary, we will never accept cross-domain access.