Cross-Origin Resource Sharing (CORS)

跨域：页面打开的http与请求的http的地址不一样 (看地址栏和你的请求url域名或ip)

//跨域的浏览器会让请求带Origin头，表明来自哪里的跨域请求
//file://类型的origin为null
Origin: http://foo.example

response【必须】有

//表明允许跨域访问
Access-Control-Allow-Origin:上面origin的地址

否则就会报错403

Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access. The response had HTTP status code 403

跨域其他有关的headers

:*
Access-Control-Allow-Methods:POST,GET
Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:Origin,Content-Type,Accept,token,X-Requested-With