script tags can do it! Why can't other requests?
Do as your mother told you!
Your mother would be proud.
See CORS (Wikipedia) and the W3C Recommendation.
Access-Control-Allow-Origin Header
Think: what website can access this resource.
Allow all websites:
Access-Control-Allow-Origin: *
Allow a specific website (the value is an origin: scheme, host and port, with no trailing slash or path):
Access-Control-Allow-Origin: http://www.example.com
Local testing:
Access-Control-Allow-Origin: http://localhost:8080
CORS enable a service:
We're going to fix the API server so it uses CORS.
Run API servers:
python api/api.py
Run the client:
cd web; python -m SimpleHTTPServer
"local.json" and press the button. It should load a hacked local resource.
Change index.xhtml to use http://localhost:5000/ as the server when UserFetch is created.
Use 'alex' or 'grace' as the user. It should be broken.
Fix it.
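
One way to send the header from a Python service, as an added example (this is not the workshop's api/api.py): a standard-library WSGI wrapper that echoes the request's Origin only when it is on an allow-list. The names cors, ALLOWED_ORIGINS, api and response_headers, and the origins in the list, are assumptions made for the illustration.

```python
# Added example: allow-list CORS wrapper for any WSGI app (standard library only).
import json

# Assumption: the client pages are served from these origins.
# An origin is scheme://host[:port] with no trailing slash or path.
ALLOWED_ORIGINS = {"http://localhost:8080", "http://www.example.com"}

def cors(app, allowed=ALLOWED_ORIGINS):
    """Wrap a WSGI app so it answers with Access-Control-Allow-Origin."""
    def wrapped(environ, start_response):
        origin = environ.get("HTTP_ORIGIN")

        def cors_start(status, headers, exc_info=None):
            # Drop any value the inner app set, so there is exactly one decision.
            headers = [(k, v) for k, v in headers
                       if k.lower() != "access-control-allow-origin"]
            # The response differs per Origin, so caches must key on it.
            headers.append(("Vary", "Origin"))
            if origin in allowed:
                # Echo the exact origin; the browser compares it to its own.
                headers.append(("Access-Control-Allow-Origin", origin))
            return start_response(status, headers, exc_info)

        return app(environ, cors_start)
    return wrapped

def api(environ, start_response):
    """Hypothetical stand-in for the API server: returns one JSON user."""
    body = json.dumps({"user": "alex"}).encode()
    start_response("200 OK", [("Content-Type", "application/json"),
                              ("Content-Length", str(len(body)))])
    return [body]

def response_headers(app, origin=None):
    """Call a WSGI app once with a constructed request; return its headers."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/"}
    if origin is not None:
        environ["HTTP_ORIGIN"] = origin
    seen = {}
    def start_response(status, headers, exc_info=None):
        seen.update(headers)
    b"".join(app(environ, start_response))
    return seen

if __name__ == "__main__":
    from wsgiref.simple_server import make_server
    make_server("localhost", 5000, cors(api)).serve_forever()
```

Requests from an origin that is not listed still get the JSON body from the server, but without the header the browser refuses to hand it to the calling page.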