cors header json code example

Example 1: accept header json

`Accept Header` can be used to ask the server to return
different type of response format 

For example :  

`/api/xname` endpoint , support both xml and json 
as response type so we can add accept header
`application/xml` to get xml result and `application/json` result. 

If server does not support such type ,
it will return `406 not acceptable` status code.

Example 2: what is CORS

Use CORS to allow cross-origin access. 
CORS is a part of HTTP that lets servers specify any other hosts 
from which a browser should permit loading of content.

How to block cross-origin access
To prevent cross-origin writes, 
	check an unguessable token in the request — known as a Cross-Site Request Forgery (CSRF) token. 
    prevent cross-origin reads of pages that require this token.
To prevent cross-origin reads of a resource, 
	ensure that it is not embeddable.
    prevent embedding because embedding a resource always leaks some information about it.
To prevent cross-origin embeds, 
	ensure that your resource cannot be interpreted
    Browsers may not respect the Content-Type header. 
For example, if you point a <script> tag at an HTML document, the browser will try to parse the HTML as JavaScript. When your resource is not an entry point to your site, you can also use a CSRF token to prevent embedding.

cors header json code example

Example 1: accept header json

Example 2: what is CORS

Tags:

Javascript Example

Related

Recent Posts