I can understand if the server sets the ip, but why does setting the application type to the browser still require whitelist restrictions on the domain name?
at this time, the request for Baidu Map API should come from the customer"s browser, that is, we can"t predict which domain name or ip will be. What is the reason for setting the whitelist of ip and domain names at this time? How does it play the role of restriction?
means the same thing as hotlink protection. Don't let other websites use your api token.
set to half-width *, there will be no limit, and you can deal with your application scenarios
Let's write an answer. The problem here is actually caused by the fact that I am now working locally as a debugger. When we want to use the api of Baidu Maps, we are actually getting a js file. Instead of when we use any of the api, we want to make a request from Baidu's server. When we browse a html page in a browser. The process is to send a request from the local browser, and then the remote server returns the html page and the js file, while the apijs file is obtained from the remote server. At this time, our server wants Baidu to send the request, and the Baidu map detection server ip determines whether it is on the whitelist, and then returns the js file. In the future, when we make some requests with the server of Baidu Maps on the browser side, I feel that the server of Baidu can judge which address the js that sent this request comes from according to referrer.
this may also explain why the server writes ip, and the browser writes referrer, which should have something to do with the mechanism of http.