我的问题很简单,但我找不到答案,也没有资源来亲自测试。我可以从一个域向另一个HTTPS域发出HTTPS CORS请求吗?可以从一个域请求HTTPCORS到另一个HTTPS域吗?我知道,我可以从一个域到另一个HTTP域执行HTTPCORS请求,但是当我使用HTTPS时,我不知道有什么不同。
谢谢!
Yes you can.
The only difference is because https is a secure origin, you can only make call to secure origin, so not to http, the browser will block it (see mixed content)
Warning: If you allow http requests to call your https webpage, it will be insecure because it means an attacker can force requests to your https webpage with the cookies of a victim and read the answer
Beware if you still need to support IE8/IE9 and are using XDomainRequest as it does not support cross-protocol requests. As per MDN:
The origin's security protocol must match that of the requested URL. (http to http, https to https). If these do not match, the request will error "Access is Denied".