Hızlı yanıt: kod örneği
I was confused about this for a while. Here's how I now understand it:According to the W3C, there are actually three possible values for the attribute: , , and an "missing value default" that can only be accessed by omitting the attribute. (An empty string, on the other hand, maps to .) The default value causes the browser to skip CORS entirely, which is the normal behavior I was expecting.The attribute should only be used if we care about getting error information for the script being loaded. Since accessing this information requires a CORS check, the header must be present on the resource for it to be loaded.
crossorigin
anonymous
use-credentials
anonymous
crossorigin
Access-Control-Allow-Origin