¶ Configure Web Security Domain
For web applications, there is a risk of userPoolId/secret being stolen, so we need to take some special defense action. The key point is that we must be able to ensure that other people can obtain your userPoolId and cannot directly use your server resources. The Web side can restrict the source of the request through the Web security domain name, which is simply a white list.
// 跨域 www.a.com:8080 www.a.com // 跨域 www.a.com:8080 www.a.com:80 // 跨域 a.com www.a.com // 跨域 xxx.a.com www.a.com // 不同协议，跨域 http: https: