The W3C CORS spec clearly states in step 2:
If the response contains an HTTP status code of 301, 302, 303, 307, or 308 Apply the cache and network error steps.
If the response contains an HTTP status code of 301, 302, 303, 307, or 308
Apply the cache and network error steps.
I think this measure has been added to mitigate security risks. However, I cannot find a source detailing exactly what the consequences will be of providing redirect permissions.
Questions on how to work around this issue have been asked before . I am looking for an explanation of why this proposal is included in the specification in the first place, for example, the following questions:
CORS - What is the motivation for implementing pre-flight requests?
Why does a HEAD request for cross origin need to be checked beforehand?
WHATWG:
, . , - , , .
Source: https://habr.com/ru/post/1543957/More articles:Drawing a rectangle using mouse events in Tkinter - pythonTkinter: draw a rectangle with the mouse - pythonSearch in sleep mode, can I find special characters? - javaКак загрузить ранее сохраненный классификатор svm? - c++How CQRS can contribute to more scalable applications - domain-driven-designНарисуйте прямоугольник на щелчке мыши [Python] - pythonjunit 4.10 how to get test case name printed before running test - javaКак распечатать текущий исполняемый метод junit test во время всех тестов в классе или наборе с помощью ANT? - javamost efficient reservation overlap detection in javascript - javascriptЕсть ли дополнительные накладные расходы для вызова функции в отдельной единице компиляции? - cAll Articles