测试域名跨域请求

域名请求测试 curl -I -H "Origin: www.yht.com" -v "https://www.yht.com/app/work-share/js/libpag.wasm"

该命令是使用curl工具发送HTTP请求的示例。它使用了以下参数：

• -H "Origin: www.yht.com"：设置HTTP头部中的Origin字段为www.yht.com。Origin字段通常用于跨域请求的安全验证。
• -v：打开详细模式，显示请求和响应的详细信息。
• 通过-I选项，curl将发送一个HEAD请求
• "https://www.yht.com/app/work-share/js/libpag.wasm"：指定要发送请求的URL。

从下述curl命令的响应中，可以通过以下两个字段来确定是否存在跨域：

1. Access-Control-Allow-Origin：该字段指示服务器是否允许来自特定域名的跨域请求。如果该字段的值为*，表示服务器允许来自任意域名的跨域请求。如果值为具体的域名，表示服务器只允许来自该域名的跨域请求。在给出的响应中，Access-Control-Allow-Origin字段的值为*，表示服务器允许来自任意域名的跨域请求。
2. Origin头部字段：该字段在请求中指定了请求来自的域名。在给出的请求中，Origin头部字段的值为www.yht.com，表示请求来自该域名。

• Access-Control-Allow-Methods: GET, HEAD, PUT, DELETE, POST：该字段指示服务器允许的跨域请求方法。在这种情况下，服务器允许GET、HEAD、PUT、DELETE和POST方法的跨域请求。
• Access-Control-Expose-Headers: x-amz-server-side-encryption, x-amz-request-id, x-amz-id-2, ETag：此字段指示在跨域请求中可以访问的额外响应头部字
• X-Cache: Miss from cloudfront：该字段指示响应是从CloudFront缓存中获取的，但在缓存中未命中（miss）。

[root@k8s-master01 common]# curl -I -H "Origin: www.yht.com" -v "https://www.yht.com/app/work-share/js/libpag.wasm"
* About to connect() to www.yht.com port 443 (#0)
*   Trying 13.32.50.96...
* Connected to www.yht.com (13.32.50.96) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate:
*       subject: CN=lavatest.com
*       start date: 2月 27 00:00:00 2023 GMT
*       expire date: 12月 02 23:59:59 2023 GMT
*       common name: lavatest.com
*       issuer: CN=Amazon RSA 2048 M01,O=Amazon,C=US
> HEAD /app/work-share/js/libpag.wasm HTTP/1.1
> User-Agent: curl/7.29.0
> Host: www.yht.com
> Accept: */*
> Origin: www.yht.com
> 
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Content-Type: binary/octet-stream
Content-Type: binary/octet-stream
< Content-Length: 3102725
Content-Length: 3102725
< Connection: keep-alive
Connection: keep-alive
< Date: Wed, 27 Sep 2023 14:54:12 GMT
Date: Wed, 27 Sep 2023 14:54:12 GMT
< Access-Control-Allow-Origin: *
Access-Control-Allow-Origin: *
< Access-Control-Allow-Methods: GET, HEAD, PUT, DELETE, POST
Access-Control-Allow-Methods: GET, HEAD, PUT, DELETE, POST
< Access-Control-Expose-Headers: x-amz-server-side-encryption, x-amz-request-id, x-amz-id-2, ETag
Access-Control-Expose-Headers: x-amz-server-side-encryption, x-amz-request-id, x-amz-id-2, ETag
< Last-Modified: Wed, 27 Sep 2023 07:01:56 GMT
Last-Modified: Wed, 27 Sep 2023 07:01:56 GMT
< ETag: "ea89c95c674842599c9ad28056016bc6"
ETag: "ea89c95c674842599c9ad28056016bc6"
< x-amz-server-side-encryption: AES256
x-amz-server-side-encryption: AES256
< Accept-Ranges: bytes
Accept-Ranges: bytes
< Server: AmazonS3
Server: AmazonS3
< X-Cache: Miss from cloudfront
X-Cache: Miss from cloudfront
< Via: 1.1 ad1db92b031434a160947f1147cb5db2.cloudfront.net (CloudFront)
Via: 1.1 ad1db92b031434a160947f1147cb5db2.cloudfront.net (CloudFront)
< X-Amz-Cf-Pop: NRT57-C1
X-Amz-Cf-Pop: NRT57-C1
< Alt-Svc: h3=":443"; ma=86400
Alt-Svc: h3=":443"; ma=86400
< X-Amz-Cf-Id: vxuT07gNTBO4or0PHSlfgK5f48NCRwDgj54Te3dv_Tiv_6f3ojOYUA==
X-Amz-Cf-Id: vxuT07gNTBO4or0PHSlfgK5f48NCRwDgj54Te3dv_Tiv_6f3ojOYUA==