网页内请求一般不允许跨域,并且是根据二级域名级别限制(网页当前域名)
1.使用jsonp :jsonp只允许get而不支持post等
2.修改服务器返回response的header头(Access-Control-Allow-Origin),但为了安全也最好加个判断,只允许自己允许的少数域名可以跨域
"""Write json to client"""
set_header('Content-type', 'application/json; charset=UTF-8')
# 获取请求headers头Origin
http_origin = self.request.headers['Origin'] if 'Origin' in self.request.headers else '*'
# 允许固定域名跨域
if http_origin in ['http://app.baidu.com', 'http://api.baidu.com']:
set_header("Access-Control-Allow-Origin", http_origin)
set_header("Access-Control-Allow-Credentials", "true")
set_header("Access-Control-Allow-Methods", "*")
set_header("Access-Control-Allow-Headers", "Content-Type,Accept,Authorization")
set_header("Access-Control-Max-Age", "86400")
