These several reference links speak quite well, the feeling does not compare oneself to do collation again, do a knowledge index only. You can see what’s going on with homology and cross-domain.
Same-origin Policy
Originally, it meant that the Cookie set by page A could not be opened on page B unless the two pages were of the same origin.
Three is the same
- The agreement is the same
- Domain name is the same
- The same port
Three behavioral restrictions
- Cookie, LocalStorage, and IndexDB cannot be read
- DOM not available
- AJAX requests cannot be sent
reference
www.ruanyifeng.com/blog/2016/0…
CORS cross-domain resource sharing
CORS is a W3C standard, which stands for “Cross-origin Resource Sharing”.
It allows browsers to issue XMLHttpRequest requests across source servers, overcoming the limitation that AJAX can only be used in the same source.
reference
www.ruanyifeng.com/blog/2016/0…
JSONP
Jsonp is not a data format, different from JSON, but a technique for transferring data across domains.
The cross-domain nature of the script tag SRC can be used to load cross-domain server files that execute local functions and take parameters passed in by the server.
reference
Segmentfault.com/a/119000000…