Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
249 views
in Technique[技术] by (71.8m points)

请教CORS安全性的问题

面试的时候被问到CORS安全性问题,没答上来,想请教下大家。
CORS在服务器端设置了Access-Control-Allow-Origin,不设定为*,不是只有指定的域才能发起请求吗,否则就被浏览器拦截了呀,有看到说http头可以伪造,但是手动设置Origin也会被浏览器阻止,请问CORS的漏洞到底在哪儿?有什么解决方案?谢谢


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...