What is the difference between cors and ajax

The difference between cors and ajax is: when cors makes a request, several keywords will be added to the HTTP request header to indicate that the current request is a cross-domain request, but these keywords will not be added when making an ajax request; cors is the abbreviation of "Cross-origin resource sharing", which means cross-origin resource sharing.

The operating environment of this article: windows10 system, javascript1.8.5&&html5 version, Dell G3 computer.

The difference between CORS and Ajax:

There is no difference between CORS and Ajax when sending requests. They are both http requests. The only difference is the CORS request. When , several keywords will be added to the http request header to indicate that the current request is a cross-domain request.

Extended knowledge:

CORS is a W3C standard, the full name is "Cross-origin resource sharing". We know that there is a cross-domain problem when using a browser to send http requests (ajax). The current mainstream cross-domain solution is CORS.

It is particularly emphasized here that the cross-domain we often talk about is only a limitation of the browser. If we use a script to send a request or request through a server, there will be no cross-domain problems. The main reason for this is that the browser uses The threshold is very low. In order to prevent people with ulterior motives from attacking ordinary users, cross-domain policies are introduced

CORS Introduction

CORS was released by W3C on January 16, 2014 A formally recommended communication standard that mainly solves the problem of user agent web applications accessing resources and obtaining data from another site through Ajax or other mechanisms.

Premise: The server needs to add related functions that support CORS, that is, set the allowed value of Access-Control-Allow-Origin of http

CORS communication is completed by the browser, no need User participation. By default, browsing communicates through Ajax. If the browser detects that the current request is cross-domain when sending a request, it will automatically convert to CORS

two request modes of CORS

Browsers divide CORS requests into two categories: simple requests and non-simple requests

Simple requests are to request data using the set request method

Non-simple requests Before requesting data using the set request method, an OPTIONS request is first sent to see if the server allows the client to send non-simple requests. Only after the "preflight" is passed will another request be sent for data transmission

As long as the following two conditions are met at the same time, it is a simple request.

Condition 1:

The request method is one of the following three methods:

HEAD

GET

POST

Condition 2:

HTTP header information does not exceed the following fields:

Accept
Accept-Language
Content-Language
Last-Event-ID
Content-Type：只限于三个值application/x-www-form-urlencoded、multipart/form-data、text/plain

Simple request

A simple request is that the browser directly sends a CORS request (ajax request). Before sending, the browser will add a request header Origin

to this http request. In the header information above, the Origin field is used to indicate which source this request comes from (protocol domain name port). The server decides whether to agree to the request based on this value.

Non-simple request

A non-simple request is to send an OPTIONS request before sending the request, and check in advance whether the request is allowed. The main purpose is to prevent cross-domain The request destroys or steals background data. Simple requests are less secure. The server returns the data after processing the request. In non-simple request mode, the server should not process the request during early detection.

[Related tutorial recommendations: AJAX video tutorial]

The above is the detailed content of What is the difference between cors and ajax. For more information, please follow other related articles on the PHP Chinese website!