HTTP
指南：
资源和 URI
HTTP 指南
HTTP 安全
HTTP 访问控制（CORS）
HTTP 认证
HTTP 缓存
HTTP 压缩
HTTP 条件请求
HTTP 内容协商
HTTP cookies
HTTP 范围请求
HTTP 重定向
HTTP 规范
特征策略
参考：
HTTP 头部
HTTP 请求方法
HTTP 响应状态码
CSP 指令
1. CSP: base-uri
2. 已弃用 CSP: block-all-mixed-content
3. CSP: child-src
4. CSP: connect-src
5. CSP: default-src
6. CSP: font-src
7. CSP: form-action
8. CSP: frame-ancestors
9. CSP: frame-src
10. CSP: img-src
11. CSP: manifest-src
12. CSP: media-src
13. 实验性 CSP: navigate-to
14. CSP: object-src
15. 非标准已弃用 CSP: plugin-types
16. 实验性 CSP: prefetch-src
17. 非标准已弃用 CSP: referrer
18. CSP: report-to
19. 已弃用 CSP: report-uri
20. 非标准已弃用 CSP: require-sri-for
21. 实验性 CSP: require-trusted-types-for
22. CSP: sandbox
23. CSP: script-src
24. CSP: script-src-attr
25. CSP: script-src-elem
26. CSP source values
27. CSP: style-src
28. CSP: style-src-attr
29. CSP: style-src-elem
30. 实验性 CSP: trusted-types
31. CSP: upgrade-insecure-requests
32. CSP: worker-src
CORS 错误
1. Reason: CORS header 'Access-Control-Allow-Origin' does not match 'xyz'
2. Reason: CORS request did not succeed
3. Reason: CORS disabled
4. Reason: CORS request external redirect not allowed
5. Reason: invalid token 'xyz' in CORS header 'Access-Control-Allow-Headers'
6. Reason: invalid token 'xyz' in CORS header 'Access-Control-Allow-Methods'
7. Reason: Did not find method in CORS header 'Access-Control-Allow-Methods'
8. Reason: expected 'true' in CORS header 'Access-Control-Allow-Credentials'
9. Reason: missing token 'xyz' in CORS header 'Access-Control-Allow-Headers' from CORS preflight channel
10. Reason: CORS header 'Access-Control-Allow-Origin' missing
11. Reason: Multiple CORS header 'Access-Control-Allow-Origin' not allowed
12. Reason: Credential is not supported if the CORS header 'Access-Control-Allow-Origin' is '*'
13. Reason: CORS header 'Origin' cannot be added
14. Reason: CORS preflight channel did not succeed
15. Reason: CORS request not HTTP
Feature-Policy 指令

Reason: CORS disabled

原因

哪里错了？

参见