仅使用JavaScript更改CORS政策? [重复]

我有一个Web应用程序的想法,可以帮助我改善前端开发。重构前端代码时,我希望能够快速直观地检查站点上的所有实例。

我目前的计划是将它们加载到一系列iframe中,并能够快速浏览每个iframe上的实例。与朋友讨论之后,我们想出的计划是使用js脚本:1)授予iframe / CORS访问页面的权限,以及2)扫描页面并将类的实例发送给父级(具有iframe)。我希望该站点可以单独运行,因此它可以是一个独立的项目。 (因此,我在localhost:4000上运行“ CSS Friend”,而在localhost:3000上重构的站点。

The use of a js script would be ideal so that no matter your framework, you could add this script to your application.html file and then it would work.

我可以通过更改development.rb文件中的配置设置(如服务器端)使CORS访问iframe,但是在运行时:

<script>
      console.log("script working");

      var method = "POST";
      var url = "http://localhost:4000";

      var xhr = new XMLHttpRequest();

      xhr.open(method, url);

      xhr.setRequestHeader("Content-Type", "text/plain;charset=UTF-8");
      xhr.setRequestHeader("Access-Control-Allow-Origin", "*");

      var text = {"command":"PUSH"};
      xhr.send(text);
</script>

(An idea from this answer: javascript set header Access-Control-Allow-Origin)

我收到以下错误:

Access to XMLHttpRequest at 'http://localhost:4000/post' from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

是否可以使用JS脚本更改CORS设置,还是总是必须在服务器端进行?