参考博客:
跨域(CORS)和CSRF攻击的区别:
CORS是处理脚本中的跨站访问,响应被浏览器阻止的情况,解决方式是加入特殊的运行跨域响应头:
https://www.zhihu.com/question/26379635
跨域并非浏览器限制了发起跨站请求,而是跨站请求可以正常发起,但是返回结果被浏览器拦截了。最好的例子是CSRF跨站攻击原理,请求是发送到了后端服务器无论是否跨域!
https://www.cnblogs.com/nananana/p/8492185.html
CSRF就跨域了,但不是通过脚本,而是网站中正常的GET/POST请求:
http://www.cnblogs.com/hyddd/archive/2009/04/09/1432744.html
跨域前、后端解决方式:
https://www.cnblogs.com/520playboy/p/7306008.html
https://blog.csdn.net/Colton_Null/article/details/75195230
https://www.cnblogs.com/smiler/p/8509062.html
https://blog.csdn.net/saytime/article/details/74937204
https://www.cnblogs.com/chenshishuo/p/4919224.html
https://www.cnblogs.com/dojo-lzz/p/4265637.html
https://developer.mozilla.org/zh-CN/docs/Web/HTTP/Access_control_CORS
比较全的带后端实现的:
https://www.cnblogs.com/itmacy/p/6958181.html
SpringMVC解决跨域:
https://blog.csdn.net/tg928600774/article/details/80325040
https://www.jb51.net/article/112152.htm
请求头和响应头内容: