跨域

CORS

接口支持“跨域资源共享”(Cross Origin Resource Sharing, CORS)这里这里这份中文资料有一些指导性的资料。

简单示例:

  1. $ curl -i https://api.example.com -H "Origin: http://example.com"
  2. HTTP/1.1 302 Found
  1. $ curl -i https://api.example.com -H "Origin: http://example.com"
  2. HTTP/1.1 302 Found
  3. Access-Control-Allow-Origin: *
  4. Access-Control-Expose-Headers: ETag, Link, X-Total-Count
  5. Access-Control-Allow-Credentials: true

预检请求的响应示例:

  1. $ curl -i https://api.example.com -H "Origin: http://example.com" -X OPTIONS
  2. HTTP/1.1 302 Found
  3. Access-Control-Allow-Origin: *
  4. Access-Control-Allow-Headers: Authorization, Content-Type, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, X-Requested-With
  5. Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE
  6. Access-Control-Expose-Headers: ETag, Link, X-Total-Count
  7. Access-Control-Max-Age: 86400
  8. Access-Control-Allow-Credentials: true

JSON-P

如果在任何 GET 请求中带有参数 callback ,且值为非空字符串,那么接口将返回如下格式的数据

  1. $ curl http://api.example.com/#{RESOURCE_URI}?callback=foo
  1. foo({
  2.   "meta": {
  3.     "status": 200,
  4.     "X-Total-Count": 542,
  5.     "Link": [
  6.       {"href": "http://api.example.com/#{RESOURCE_URI}?cursor=0&count=100", "rel": "first"},
  7.       {"href": "http://api.example.com/#{RESOURCE_URI}?cursor=90&count=100", "rel": "prev"},
  8.       {"href": "http://api.example.com/#{RESOURCE_URI}?cursor=120&count=100", "rel": "next"},
  9.       {"href": "http://api.example.com/#{RESOURCE_URI}?cursor=200&count=100", "rel": "last"}
  10.     ]
  11.   },
  12.   "data": // data
  13. })