# Cross-origin Resource Sharing issue

(Cross-domain refers to access between different domains.Restricting cross-domain access is a browser policy for security purposes, that is, the same-origin policy. Due to this JavaScript same-origin policy, JavaScript under domain A cannot operate objects under domain B or C.The same protocol, domain name (or IP address), and port are considered as the same domain. If the protocols, domain names, and ports (if specified) of the two web pages are the same, the two web pages have the same origin. )

Accessing interfaces on non-homologous sources,response header should add the following parameters

response header fields values
Cross-Origin-Resource-Policy(important) cross-origin( please refer to frontend pages and finish Nginx configuration)
Access-Control-Allow-Origin * or specific host address such as https://www.baidu.com:8080
Access-Control-Allow-Methods * or specific Method such as GET,PUT,DELETE,POST,HEAD
Access-Control-Allow-Headers *
Access-Control-Allow-Credentials true
Access-Control-Max-Age 3600

for object storage,please refer to following unfilled fields of CORS image.png

# reference configuration of Aliyun storage with CORS

resource permitted Methods permitted headers exposed headers cache time(second)
* GET POST PUT DELETE HEAD * ETag x-oss-request-id 1800