sec-fetch-mode: cors
The "sec-fetch-mode" header is a security feature added in modern web browsers to protect against cross-site request forgery (CSRF) attacks. It specifies the mode of the fetch request, which can be one of three values:
- "navigate": Indicates that the request is a navigation request triggered by the user clicking on a link, typing a URL into the address bar or using the back/forward buttons.
- "same-origin": Indicates that the request is a same-origin request, meaning that the request is made to the same domain as the current page.
- "cors": Indicates that the request is a cross-origin request, meaning that the request is made to a different domain than the current page.
The "cors" mode is used when making AJAX requests to APIs hosted on a different domain than the web page. The browser will automatically add additional headers to the request to ensure that the API server allows the request to be made from the web page. This helps prevent malicious websites from accessing sensitive information from other domains.
原文地址: https://www.cveoy.top/t/topic/yqx 著作权归作者所有。请勿转载和采集!