问题
i have a question about origin and host
i have a ajax page "Page A" which will call the ajax feed "Page B"
i saw that the request header of "Page B" from the ajax call has origin "http://mydomain.com" and host "mydomain.com"
however if i call the "Page B" directly the request header will only have host "mydomain.com"
Thus i want to know what is the different between origin and host and why it show up on non-direct call?
Can origin be pretended and pass to server?
回答1:
This 2 links may help to answer your question.
http://www.codeproject.com/Articles/185506/AJAX-Cross-Origin-HTTP-request
http://en.wikipedia.org/wiki/Same_origin_policy
回答2:
The Host is the domain the request is being sent to. This header was introduced so hosting sites could include multiple domains on a single IP.
The Origin header is the domain the request originates from.
The Host header is always included. The Origin header is included sometimes: It is always included on cross-origin requests (across all browsers), and in Chrome/Safari, it is also included on same-origin PUT/POST/DELETE requests. Same-origin GET requests do not include an Origin header.
来源:https://stackoverflow.com/questions/13851946/header-origin-vs-host