html
<!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta http-equiv="X-UA-Compatible" content="ie=edge"> <title>cors例子</title> </head> <body> <script> var xmlhttp; if (window.XMLHttpRequest) { // IE7 +, Firefox, Chrome, Opera , Safari browser executing the code XMLHTTP = new new the XMLHttpRequest (); } the else { // IE6, IE5 browser executing code XMLHTTP = new new the ActiveXObject ( " Microsoft.XMLHTTP " ); } xmlhttp.onreadystatechange = function () { IF (xmlHttp.readyState == . 4 && xmlhttp.status == 200 is ) { the console.log (XMLHTTP) } } xmlhttp.open ( " the GET " , "http://localhost:3000/get",true); xmlhttp.send(); </script> </body> </html>
We create a ajax request interface port 3000
Backend port 4000
server.js
const express = require('express'); const app = express(); app.get('/get',function(req,res) { res.end('跨域处理') }) app.listen(3000, () => console.log('The server is starting at port 3000'));
Generate cross-domain:
Add cross-domain process:
app.all ( '*', function (REQ, RES, Next) {
res.header ( 'Access-Control-the Allow-Origin', '*');
// the Allow-Access-Control-Headers, according to the browser F12 of view, the corresponding line paste here
res.header ( 'Access-Control-the Allow-Headers', 'the Type-the Content');
res.header ( 'Access-Control-the Allow-Methods', '*') ;
res.header ( 'the Content-the Type', 'file application / JSON; charset = UTF-. 8');
Next ();
});
effect:
Output; cross-domain processing
Warehouse Address: https://gitee.com/guangzhou110/web-attack