Кроссдоменные запросы (CORS)

Использование Origin-заголовков для возможности из JavaScript осуществлять Ajax-запросы к API на другом домене.

  • 00:00:22 HTTP
  • 00:00:52 GET/HTTP
  • 00:01:11 script
  • 00:02:03 Blocked by CORS policy
  • 00:02:37 Same Origin Policy
  • 00:03:08 Cross Origin
  • 00:05:01 Same Origin
  • 00:05:22 Same Origin Policy
  • 00:06:50 Примеры работы
  • 00:07:42 Methods and Headers
  • 00:11:56 Simple Request
  • 00:12:22 GET + Accept
  • 00:13:47 Access-Control-Allow-Origin
  • 00:14:44 POST
  • 00:15:50 POST в формате JSON
  • 00:16:51 Preflighted Request
  • 00:17:01 Предзапрос OPTIONS
  • 00:18:21 Access-Control-Allow-Methods
  • 00:19:36 Access-Control-Request-Headers
  • 00:20:11 Access-Control-Allow-Headers
  • 00:21:10 Access-Control-Request-Methods
  • 00:24:23 Extended Headers
  • 00:24:27 X-Version
  • 00:25:23 Authorization
  • 00:26:47 Cookies
  • 00:27:30 Access-Control-Allow-Credentials
  • 00:27:55 Access-Control-Allow-Origin
  • 00:28:41 Other
  • 00:29:18 Expose Headers
  • 00:31:14 Max Age
  • 00:32:08 Подведение итогов
...