Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
253 views
in Technique[技术] by (71.8m points)

javascript - Does Cross-Origin Resource Sharing(CORS) differentiate between HTTP AND HTTPS?

I have two sites : https//:www.domain-only-uses-https.com and www.domain-uses-both-http-and-https.com

Now I am making 2 ajax GET requests in the page of the former to the later, one is

https://www.domain-uses-both-http-and-https.com/some-path  (using the HTTPS scheme) 

and the other one is

http://www.domain-uses-both-http-and-https.com/some-other-path (using the HTTP scheme)

And I DID set the "https//:www.domain-only-uses-https.com" as the value of "Access-Control-Allow-Origin:" header in the server "www.domain-uses-both-http-and-https.com ".

But now it seems that only request 1 is allowed by Chrome ,but request 2 is forbidden.

So my question is : does the "Access-Control-Allow-Origin" header differentiate between HTTP AND HTTPS? Hope I've made myself clear..

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

Yes, HTTP and HTTPS origins are different.

An origin is a combination of hostname, port, and scheme.

  http://foo.example.com:8080/
  ^^^^   ^^^^^^^^^^^^^^^ ^^^^
   ||           ||        ||
 scheme      hostname    port

If not all of these fields match between two resources, then the resources are from different origins. Thus, you must expressly specify whether the resource is accessible from the origin with an HTTP scheme or the origin with an HTTPS scheme.

Some browsers only allow the Access-Control-Allow-Origin header to contain exactly one origin (or *) sent with each response; however, your server can detect the request's Origin header and send the same origin in the CORS response.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...