Cross-Origin Resource Sharing
Published by powerfulyang at Mar 27, 2022
A simple request is one that meets all the following conditions:
- One of the allowed methods:
- Apart from the headers automatically set by the user agent (for example,
User-Agent, or the other headers defined in the Fetch spec as a forbidden header name), the only headers which are allowed to be manually set are those which the Fetch spec defines as a CORS-safelisted request-header, which are:
- The only type/subtype combinations allowed for the media type specified in the
- If the request is made using an
XMLHttpRequestobject, no event listeners are registered on the object returned by the
XMLHttpRequest.uploadproperty used in the request; that is, given an
xhr, no code has called
xhr.upload.addEventListener()to add an event listener to monitor the upload.
ReadableStreamobject is used in the request.