我在看this的问题，它是一个链接，的http：//黑客。 mozilla.org/2011/03/the-shortest-image-uploader-ever/~~V 它具有以下code：

I'm looking at this question and in it is a link to http://hacks.mozilla.org/2011/03/the-shortest-image-uploader-ever/ which has the following code:

var fd = new FormData();
fd.append("image", file); // Append the file
fd.append("key", "6528448c258cff474ca9701c5bab6927");
// Get your own key: http://api.imgur.com/

// Create the XHR (Cross-Domain XHR FTW!!!)
var xhr = new XMLHttpRequest();
xhr.open("POST", "http://api.imgur.com/2/upload.json"); // Boooom!
xhr.onload = function() {
    // Big win!
    // The URL of the image is:
    JSON.parse(xhr.responseText).upload.links.imgur_page;
 }
 // Ok, I don't handle the errors. An exercice for the reader.
 // And now, we send the formdata
 xhr.send(fd);

这是如何跨域请求的工作？我认为是一个规则，有一些阻止人们这样做只是这一点。

How does this cross domain request work? I thought as a rule there are security restrictions that stop people from doing just this.

推荐答案

服务器reponding与访问控制 - 允许 - 产地设置为允许跨域请求

The server is reponding with the Access-Control-Allow-Origin set to allow cross domain requests

Response Headers
Access-Control-Allow-Origin: *  
Cache-Control   max-age=604800
Connection  keep-alive
Content-Length  494
Content-Type    application/json

http://www.w3.org / TR / CORS /＃的访问控制，允许原产地响应-HEA

HTTP：//hacks.mozilla .ORG / 2009/07 /跨站xmlhtt prequest-与-CORS