给出以下请求标头:
** General
Request URL:http://0.1.2.3:4040/path/to/image.png
Request Method:GET
Status Code:200 OK
Remote Address:0.1.2.3:4040
** Request Headers
Accept:image/webp,image/*,*/*;q=0.8
Accept-Encoding:gzip, deflate, sdch
Accept-Language:en,en-US;q=0.8
Cache-Control:no-cache
Connection:keep-alive
Cookie:JSESSIONID=4iszpyyzk50qa07h4fez8g20
Host:10.2.2.23:4040
Pragma:no-cache
Referer:http://localhost:3000/?mandator=xyz
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36
为什么浏览器允许在没有任何“访问控制 - 允许 - 来源”的情况下做出响应。标题,并没有抛出CORS异常?
** Response Headers
HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Wed, 06 Jul 2016 09:36:14 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Sun, 22 Jan 2017 09:36:14 GMT
更新:此请求的来源目前为localhost:3000