Access-Control-Max-Age 这个响应首部表示 preflight request (预检请求)的返回结果(即 Access-Control-Allow-Methods 和Access-Control-Allow-Headers 用法: Access-Control-Max-Age: <delta-seconds> 返回结果可以用于缓存的最长时间,单位是秒。 注:需要注意的是Access-Control-Max-Age的设置针对完全一样的url,如果url加上路径参数,其中一个url的Access-Control-Max-Age设置对另一个url没有效果!!
,在POST请求发出之前一般会发送pre-flight请求来试探下服务器,看下是否有些请求头或者请求方法服务器端是否支持,如下图所示: 从上图可以看出服务器端支持POST、GET等请求,上面返回的 Access-Control-Max-Age
Access-Control-Allow-Origin 允许跨域请求的域名,如果要允许所有域名则设置为 * Access-Control-Allow-Headers 将实际请求所携带的首部字段告诉服务器 Access-Control-Max-Age 转为简单请求,如用 JSONP 做跨域请求 对 options 请求进行缓存,服务器端设置 Access-Control-Max-Age 字段,那么当第一次请求该 URL 时会发出 OPTIONS 请求 ,浏览器会根据返回的 Access-Control-Max-Age 字段缓存该请求的 OPTIONS 预检请求的响应结果(具体缓存时间还取决于浏览器的支持的默认最大值,取两者最小值,一般为 10 分钟) (chrome 打开控制台可以看到,当服务器响应 Access-Control-Max-Age 时只有第一次请求会有预检,后面不会了。注意要开启缓存,去掉 disable cache 勾选。)
/允许的访问方法, 代表全部可以访问 httpServletResponse.setHeader("Access-Control-Allow-Methods", "POST, GET"); //Access-Control-Max-Age 用于 CORS 相关配置的缓存 httpServletResponse.setHeader("Access-Control-Max-Age", "3600"); httpServletResponse.setHeader
整理代码如下,添加在 location 节点 add_header 'Access-Control-Allow-Origin' '*'; add_header 'Access-Control-Max-Age add_header 'Access-Control-Allow-Origin' '*' always; add_header 'Access-Control-Max-Age' '1000' always Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT" Header always set Access-Control-Max-Age
token,r,sign,time"; add_header 'Access-Control-Expose-Headers' 'Content-Disposition'; add_header 'Access-Control-Max-Age Access-Control-Allow-Credentials' 'true'; #add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; #add_header 'Access-Control-Max-Age proxy_set_header Host $host; } } 提及个优化的事,就是为了快速访问网页,提升访问效率,有很多解决方式,比如服务端加缓存,前端懒加载等,但是忽略了一个很容易的优化,那就是Access-Control-Max-Age
标识该资源支持哪些方法,例如:POST, GET, PUT, DELETE Access-Control-Allow-Headers: 标识允许哪些额外的自定义 header 字段和非简单值的字段 Access-Control-Max-Age 服务器端设置Access-Control-Max-Age字段 当第一次请求该URL时会发出OPTIONS请求,浏览器会根据返回的Access-Control-Max-Age字段缓存该OPTIONS预检请求的响应结果 (chrome 打开控制台可以看到,当服务器响应Access-Control-Max-Age时只有第一次请求会有预检,后面不会了。 TimeSpan.FromHours(24)); }); }); } - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Max-Age
response.setHeader("Access-Control-Allow-Methods", "*"); response.setHeader("Access-Control-Max-Age response.setHeader("Access-Control-Allow-Credentials", "true"); response.setHeader("Access-Control-Max-Age
允许跨域请求的域) access-control-allow-methods(允许跨域请求的请求方式) access-control-allow-headers(允许跨域请求的请求头) 另外,服务端还可以通过Access-Control-Max-Age 如果上面的中有一条我们没法避免就只能设置认证的生效时间了Access-Control-Max-Age。 Access-Control-Allow-Headers' '*'; add_header 'Access-Control-Allow-Credentials' 'true' always; add_header 'Access-Control-Max-Age ' 36000; if ($request_method = OPTIONS ) { return 200; } } 其中: Access-Control-Max-Age,用来指定本次预检请求的有效期
Access-Control-Allow-Origin: *");//当前跨域域名 * 全部 header("Access-Control-Allow-Methods: GET,POST,PUT,DELETE");// 响应类型 header("Access-Control-Max-Age : 3628800");//Access-Control-Max-Age用来指定本次预检请求的有效期,单位为秒,,在此期间不用发出另一条预检请求。
Access-Control-Allow-Origin: http://kbiao.me Access-Control-Max-Age: 3628800 Access-Control-Allow-methods Access-Control-Allow-Credentail: true “Access-Control-Allow-Origin"表明它允许” http://kbiao.me "发起跨域请求 "Access-Control-Max-Age
允许的访问方法 rep.setHeader("Access-Control-Allow-Methods","POST, GET, PUT, OPTIONS, DELETE, PATCH"); // Access-Control-Max-Age 用于 CORS 相关配置的缓存 rep.setHeader("Access-Control-Max-Age", "3600"); rep.setHeader("Access-Control-Allow-Headers
Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, token" Header set Access-Control-Max-Age Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, token" Header set Access-Control-Max-Age
Access-Control-Allow-Origin: https://foo.bar.org Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE Access-Control-Max-Age : 86400 可以选择使用 Access-Control-Max-Age 标头为在同一 URL 中创建的请求缓存预检响应,如上例所示。
access-control-allow-methods", "access-control-allow-origin", "access-control-max-age access-control-allow-methods", "access-control-allow-origin", "access-control-max-age
DELETE < Access-Control-Allow-Origin: https://cos.com < Access-Control-Expose-Headers: X-myHeader < Access-Control-Max-Age DELETE < Access-Control-Allow-Origin: https://cos.com < Access-Control-Expose-Headers: X-myHeader < Access-Control-Max-Age DELETE < Access-Control-Allow-Origin: https://cos.com < Access-Control-Expose-Headers: X-myHeader < Access-Control-Max-Age PUT,GET,POST,DELETE < Access-Control-Allow-Headers: < Access-Control-Expose-Headers: X-myHeader < Access-Control-Max-Age DELETE < Access-Control-Allow-Origin: https://cos.com < Access-Control-Expose-Headers: X-myHeader < Access-Control-Max-Age
协议更详细内容参考跨域资源共享 CORS 详解 CROS常见header CORS具有以下常见的header Access-Control-Allow-Origin: http://kbiao.me Access-Control-Max-Age Access-Control-Allow-Headers: content-type "Access-Control-Allow-Origin"表明它允许" http://kbiao.me "发起跨域请求 "Access-Control-Max-Age response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE"); response.setHeader("Access-Control-Max-Age ","*"); response.addHeader("Access-Control-Allow-Methods","*"); response.addHeader("Access-Control-Max-Age response.addHeader("Access-Control-Allow-Headers", "Content-Type"); response.addHeader("Access-Control-Max-Age
response.setHeader("Access-Control-Allow-Methods", "POST, GET, PATCH, DELETE, PUT"); response.setHeader("Access-Control-Max-Age Access-Control-Max-Age 该字段可选,用来指定本次预检请求的有效期,单位为秒。在有效期间,不用发出另一条预检请求。 顺便提一下,如果在开发中,发现每次发起请求都是两条,一次OPTIONS,一次正常请求,注意是每次,那么就需要配置Access-Control-Max-Age,避免每次都发出预检请求。
Access-Control-Allow-Credentials:true'); header('Access-Control-Allow-Methods:GET, POST, OPTIONS'); header('Access-Control-Max-Age # Tell client that this pre-flight info is valid for 20 days # add_header 'Access-Control-Max-Age
扫码关注腾讯云开发者
领取腾讯云代金券
云服务器
即时通信 IM
网站备案
对象存储
实时音视频
