Using cors across domains requires the target server to add your host in Access-Control-Allow-Origin or set Access-Control-Allow-Origin to *. If the target server is a third party, it seems unrealistic for him to add me. If it is a public API, it cannot be added. In this case, is it set to *? If set to * to accept requests from any domain name, will there be any problem with XSS attacks?
为情所困2017-06-29 10:12:17
Public APIs such as Baidu API require a secret key to adjust the interface. To adjust the interface of a third-party server, you need to apply for whitelisting. . .
世界只因有你2017-06-29 10:12:17
For security considerations, most open interfaces require signature verification. You can take a look at Alibaba’s open interface https://market.aliyun.com/data
