This is the 15th day of my participation in the August Text Challenge.More challenges in August

preface

“The colors of August are made of gold, bright and precious; The colors of August are brewed with the sun, fragrant and brilliant.”

In the future, I wish you to adjust yourself to the best state, slowly work hard, slowly become better

Cross domain

A document or script in one domain attempts to request a resource in another domain

Common cross-domain scenarios

URL that whether to allow communication http://www.domain.com/a.js http://www.domain.com/b.js the same domain name, Different file or path to allow http://www.domain.com/lab/c.js http://www.domain.com:8000/a.js http://www.domain.com/b.js the same domain name, Different ports Do not allow the http://www.domain.com/a.js https://www.domain.com/b.js the same domain name, Different protocols Do not allow the http://www.domain.com/a.js http://192.168.4.12/b.js domain names and domain name corresponding to the same IP is not allowed to http://www.domain.com/a.js http://x.domain.com/b.js Same primary domain, Different subdomains Do not allow the different domain name http://domain.com/c.js http://www.domain1.com/a.js http://www.domain2.com/b.js Don't allowCopy the code

Cross-domain solutions

Just two of the solutions I’ve used, and not the rest. Just to summarize

  1. Cross domains via JSONP

The principle behind jSONP cross-domain is to exploit “vulnerabilities” (historical sites) in

Callback ({“name”:”hax”,”gender”:”Male”})

The browser calls the callback function and passes the parsed JSON object as a parameter. This script can process the incoming data in the callback function.

<script> var script = document.createElement('script'); script.type = 'text/javascript'; / / implementation of preach the cords and specify the callback function for onBack script. The SRC = 'http://www.domain2.com:8080/login?user=admin&callback=onBack'; document.head.appendChild(script); Function onBack(res) {alert(json.stringify (res)); } </script>Copy the code
  1. Cross-domain resource sharing (CORS) (Cross-origin resource sharing)

For common cross-domain requests, only access-Control-allow-origin is required on the server. This parameter is not required on the front end. If cookie is required, access-Control-allow-origin is required on both the front and back ends

Note: More cross-domain solutions

conclusion

If this article helped you, please like 👍 and follow ⭐️

If there are any errors in this article, please correct them in the comments section 🙏🙏.