【CORS is never checked on the destination server】
CORS 的设计目的是允许服务器将 API 的使用者限制在特定的一组主机上。这不被支持,因为对于基于服务器的实现来说,这没有意义。
【CORS is designed to allow a server to limit the consumers of an API to a
specific set of hosts. This is not supported as it does not make sense for a
server-based implementation.】