0X00 在浏览器Console输入下面的代码
var xhr = new XMLHttpRequest();
xhr.open('GET', 'https://www.xxx.com/api/action');
xhr.send(null);
xhr.onload = function(e) {
var xhr = e.target;
console.log(xhr.responseText);
}
0X01 生成HTML文件并替代码中链接
<!doctype html>
<html lang="en">
<head>
<meta charset="UTF-8">
</head>
<body>
<a href="javascript:test()">Test CORS</a>
<script>
function test() {
var url = 'http://xxxxxxxxxxxxxxx';
var xhr = new XMLHttpRequest();
xhr.open('HEAD', url);
xhr.onload = function () {
var headers = xhr.getAllResponseHeaders().replace(/\r\n/g, '\n');
alert('request success, CORS allow.\n' +
'url: ' + url + '\n' +
'status: ' + xhr.status + '\n' +
'headers:\n' + headers);
};
xhr.onerror = function () {
alert('request error, maybe CORS error.');
};
xhr.send();
}
</script>
</body>
</html>
0X02 Curl测试命令
curl -i -X OPTIONS 'https://****************' \
-voa /dev/null \
-H 'Origin: http://*********(跨域地址)' \
-H "Access-Control-Request-Method: GET(动作)"
转自:win10beta 在线测试跨域请求
