| interview cross-domain solutions

What are the cross-domain solutions?

• JSONP can only solve GET cross domain

  How it works: Dynamically create a script tag. SRC attributes using script tags are not restricted by the same origin policy. All SRC and href attributes are not subject to the same origin policy. Third party server data content can be requested.

• CORS cross-domain resource sharing

  How it works: After the server sets the access-Control-Allow-Origin response header, the browser will Allow cross-domain requests

  Limitations: Browsers need to support HTML5, can POST PUT and other methods, compatible with IE9 or above

  Background Settings are required:

  Access-Control-Allow-Origin: * 		        // Allow all domain names to access
  
  Access-Control-Allow-Origin: [http://www.juejin.cn] // Only the domain name can be accessed
  Copy the code

• Set up the document. The domain

  Principle: the same master domain name under different subdomain pages, you can set document.domain to make them the same domain

  Limitations: Co-domain documents provide interoperation between pages and need to load iframe pages

• ES5 postMessage

  The new postMessage() method in ES5 allows scripts from different sources to communicate asynchronously in a limited manner, enabling cross-text file, multi-window, cross-domain messaging.

  Grammar: postMessage (data, origin)

• Use Apache for forwarding (reverse proxy) to make cross-domain co-domain