Cross-Origin Resource Sharing
Published by powerfulyang at Mar 27, 2022
Relate to https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
Simple requests
A simple request is one that meets all the following conditions:
- One of the allowed methods:
- GET
- HEAD
- POST
- Apart from the headers automatically set by the user agent (for example,
Connection
,User-Agent
, or the other headers defined in the Fetch spec as a forbidden header name), the only headers which are allowed to be manually set are those which the Fetch spec defines as a CORS-safelisted request-header, which are:- Accept
- Accept-Language
- Content-Language
- Content-Type
- The only type/subtype combinations allowed for the media type specified in the
Content-Type
header are:application/x-www-form-urlencoded
multipart/form-data
text/plain
- If the request is made using an
XMLHttpRequest
object, no event listeners are registered on the object returned by theXMLHttpRequest.upload
property used in the request; that is, given anXMLHttpRequest
instancexhr
, no code has calledxhr.upload.addEventListener()
to add an event listener to monitor the upload. - No
ReadableStream
object is used in the request.