1. Same-origin policy
The same-origin policy means that the domain name, protocol, and port must all be the same. Client scripts from different origins cannot read or write each other's resources without explicit authorization, which protects users' privacy. This is why the same-origin policy is required
Take the Baidu website as an example: https://www.baidu.com/
- Protocol: https
- Domain name: www.baidu.com
- Port: 443
- The default HTTPS port is 443
- The default HTTP port is 80
- The default port can be omitted; written out explicitly, the Baidu URL becomes https://www.baidu.com:443/
Using http://www.example.com/dir/page.html as the reference, the following URLs compare as:
- http://www.example.com/dir2/other.html: same origin
- http://example.com/dir/other.html: different origin (different domain name)
- http://v2.www.example.com/dir/other.html: different origin (different domain name)
- http://www.example.com:81/dir/other.html: different origin (different port)
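The comparison above, written out as a check that a practitioner can run. This is an added example and not code from the original article; it uses the WHATWG URL API that Node.js and browsers both provide, and the `originOf`, `compareOrigins` and `isSameOrigin` names are this example's own. It also handles the default-port case from the Baidu example, since the URL parser drops a port equal to the scheme default.

```javascript
// Added example, not code from the original article: deciding whether two URLs
// share an origin under the protocol + domain name + port rule, using the WHATWG
// URL API that Node.js and browsers both provide.

// Ports the URL parser drops because they are the scheme default.
const DEFAULT_PORTS = { 'http:': '80', 'https:': '443' };

// Split a URL into the three parts that define its origin.
function originOf(urlString) {
  const u = new URL(urlString);
  // u.port is '' for the scheme default (https://www.baidu.com:443/ parses the
  // same as https://www.baidu.com/), so restore it to make the comparison explicit.
  const port = u.port || DEFAULT_PORTS[u.protocol] || '';
  return { protocol: u.protocol, host: u.hostname, port };
}

// Report how the candidate relates to the reference URL, checking the parts in
// the order the article lists them: protocol, then domain name, then port.
function compareOrigins(reference, candidate) {
  const a = originOf(reference);
  const b = originOf(candidate);
  if (a.protocol !== b.protocol) return 'different origin (different protocol)';
  if (a.host !== b.host) return 'different origin (different domain name)';
  if (a.port !== b.port) return 'different origin (different port)';
  return 'same origin'; // path and query play no part in the decision
}

function isSameOrigin(reference, candidate) {
  return compareOrigins(reference, candidate) === 'same origin';
}

// The article's own comparison table, reproduced as data.
const REFERENCE = 'http://www.example.com/dir/page.html';
const CANDIDATES = [
  'http://www.example.com/dir2/other.html',
  'http://example.com/dir/other.html',
  'http://v2.www.example.com/dir/other.html',
  'http://www.example.com:81/dir/other.html',
];

if (typeof require !== 'undefined' && require.main === module) {
  for (const c of CANDIDATES) console.log(c, '=>', compareOrigins(REFERENCE, c));
}
```

`new URL(x).origin` returns the same three parts as one string (`http://www.example.com`), so a plain `a.origin === b.origin` is enough in production code; the explicit version is used here only to report which part differs. Note that a subdomain such as `v2.www.example.com` is a different host and therefore a different origin, and that the "explicit authorization" the text mentions is what CORS headers provide on top of this check.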
1.1 protocol
A protocol is simply an agreed set of rules for communication between humans and computers
1.1.1 HTTP
HTTP consists of requests and responses. It is a standard client/server model: in HTTP it is always the client that initiates the request and the server that sends back the response
HTTP: the Hypertext Transfer Protocol (HTTP) is an application-layer protocol for distributed, collaborative, hypermedia information systems
HTTP is a stateless protocol. Stateless here means that no persistent connection needs to be maintained between the client and the server: once the client has sent a request and the server has responded, the connection is closed
HTTP shortcomings
- Communication is in clear text and can be eavesdropped on
- The identity of the communicating party is not verified, so impersonation is possible
- Message integrity cannot be verified, so content may have been tampered with
1.1.2 HTTPS
- HTTPS: HTTP + encryption + authentication + integrity protection = HTTPS
- HTTPS is the secure version of HTTP: it adds an SSL/TLS encryption layer on top of HTTP and encrypts the transmitted data. HTTPS = HTTP + TLS/SSL
HTTPS (Hypertext Transfer Protocol Secure) is a transport protocol for secure communication over a computer network
1.2 the domain name
A domain name identifies a computer during data transmission
Domain names and IP addresses map to each other. Because IP addresses are hard to remember, people designed domain names. A domain name alone does not let us reach the correct address directly; only once the domain name has been resolved to the actual network address can the access succeed. This resolution is done by a dedicated system, the Domain Name System (DNS)
1.3 port
If an IP address is compared to a house, a port is a door into and out of the house. An IP address can have more than one port
1.4 Classic question: what happens when you type a URL in the browser?
- The browser resolves the domain name to the server's IP address through DNS
- The client establishes a TCP connection to the server using the TCP protocol (three-way handshake). The three-way handshake goes as follows:
  - The client sends a SYN request packet and enters the SYN_SEND state
  - After receiving the connection request, the server replies with an ACK packet and does not yet allocate resources to the connection
  - After receiving the ACK packet, the client also sends an ACK packet to the server and allocates resources. In this way, a TCP connection is established
- The client (browser) sends an HTTP request packet to the web server (HTTP server), requesting the resource document on the server
- The server sends an HTTP response packet to the client
- The client and server disconnect (four-way handshake) and the client begins parsing and processing the HTTP document
- The four-way handshake (the "four waves") goes as follows:
  - The client initiates a connection termination request by sending a FIN packet. When the server receives the FIN packet, the message it carries is: "My client has no more data to send to you, but if you still have data to send, don't close the socket and keep sending it."
  - Waiting: the client enters the FIN_WAIT state and waits for the FIN packet from the server
  - When the server confirms that its data has all been sent, it sends a FIN packet to the client to tell the client that the data has been sent and the connection is ready to be closed
  - The client receives the FIN packet and replies with an ACK. If the server does not receive the ACK, it can retransmit; when the server receives the ACK, it knows the connection can be closed. If the client waits for 2MSL and still receives no reply, the server has shut down normally. At this point the client can also disconnect, and the TCP connection is closed
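The handshake and teardown described above, as a small state-machine simulation that can be run offline. This is an added example and not code from the original article. It uses the RFC 793 state names (SYN_SENT is the state the text calls SYN_SEND; FIN_WAIT_1 and FIN_WAIT_2 are its FIN_WAIT) and models the server's reply to a SYN as SYN+ACK, which goes slightly beyond the text's wording. The `Endpoint`, `send` and `runConnection` names and the transition table are this example's own; segments are plain strings and no real network is involved.

```javascript
// Added example, not code from the original article: a simulation of the TCP
// state transitions behind the three-way handshake and the four-way close.
// State names follow RFC 793; segments are strings, there is no real network.

// Transition table: state -> event -> { next state, automatic reply segment }.
// "send:X" means this side emits X on its own; "recv:X" means X arrived.
const TRANSITIONS = {
  // Active open (the client)
  CLOSED:       { 'send:SYN': { next: 'SYN_SENT' } },
  SYN_SENT:     { 'recv:SYN+ACK': { next: 'ESTABLISHED', reply: 'ACK' } },
  // Passive open (the server)
  LISTEN:       { 'recv:SYN': { next: 'SYN_RECEIVED', reply: 'SYN+ACK' } },
  SYN_RECEIVED: { 'recv:ACK': { next: 'ESTABLISHED' } },
  // Data transfer, plus the first step of either side closing
  ESTABLISHED:  {
    'send:DATA': { next: 'ESTABLISHED' },
    'recv:DATA': { next: 'ESTABLISHED', reply: 'ACK' },
    'recv:ACK':  { next: 'ESTABLISHED' },
    'send:FIN':  { next: 'FIN_WAIT_1' },                 // active close
    'recv:FIN':  { next: 'CLOSE_WAIT', reply: 'ACK' },   // passive close
  },
  // Active closer: wait for our FIN to be ACKed, then for the peer's FIN
  FIN_WAIT_1:   { 'recv:ACK': { next: 'FIN_WAIT_2' } },
  FIN_WAIT_2:   { 'recv:FIN': { next: 'TIME_WAIT', reply: 'ACK' } },
  TIME_WAIT:    { 'timeout:2MSL': { next: 'CLOSED' } },
  // Passive closer: finish sending, send our own FIN, wait for its ACK
  CLOSE_WAIT:   { 'send:FIN': { next: 'LAST_ACK' } },
  LAST_ACK:     { 'recv:ACK': { next: 'CLOSED' } },
};

class Endpoint {
  constructor(name, state) {
    this.name = name;
    this.state = state;
    this.trace = []; // human-readable record of every transition taken
  }

  // Apply one event; throw if the table has no such transition from this state.
  fire(event) {
    const t = (TRANSITIONS[this.state] || {})[event];
    if (!t) throw new Error(`${this.name}: ${event} is not valid in ${this.state}`);
    this.trace.push(`${this.state} --${event}--> ${t.next}`);
    this.state = t.next;
    return t.reply || null;
  }
}

// Emit a segment from one endpoint, deliver it, and keep bouncing automatic
// replies back and forth until neither side has anything more to say.
function send(from, to, flags) {
  from.fire(`send:${flags}`);
  let sender = from, receiver = to, seg = flags;
  while (seg) {
    const reply = receiver.fire(`recv:${seg}`);
    [sender, receiver, seg] = [receiver, sender, reply];
  }
}

// Drive one full connection: handshake, one request/response, four-way close.
// Returns the [client, server] state pairs observed at each stage.
function runConnection() {
  const client = new Endpoint('client', 'CLOSED');
  const server = new Endpoint('server', 'LISTEN');
  const snapshot = () => [client.state, server.state];

  send(client, server, 'SYN');          // SYN, SYN+ACK, ACK
  const afterHandshake = snapshot();
  send(client, server, 'DATA');         // the HTTP request
  send(server, client, 'DATA');         // the HTTP response
  send(client, server, 'FIN');          // waves 1 and 2: client's FIN, server's ACK
  const afterClientFin = snapshot();
  send(server, client, 'FIN');          // waves 3 and 4: server's FIN, client's ACK
  const afterServerFin = snapshot();
  client.fire('timeout:2MSL');          // the active closer lingers in TIME_WAIT
  return { afterHandshake, afterClientFin, afterServerFin, final: snapshot(),
           clientTrace: client.trace, serverTrace: server.trace };
}

if (typeof require !== 'undefined' && require.main === module) {
  const r = runConnection();
  console.log('client:\n  ' + r.clientTrace.join('\n  '));
  console.log('server:\n  ' + r.serverTrace.join('\n  '));
}
```

Two things the trace makes visible that the prose only implies: after the client's FIN the connection is half-closed (client in FIN_WAIT_2, server in CLOSE_WAIT and still free to send), and the side that closes first is the one that waits out 2MSL in TIME_WAIT, which is why a busy client can accumulate many TIME_WAIT sockets. The table also rejects segments that make no sense for the current state, for example a bare ACK arriving at a listening socket, which is the same kind of check a firewall's connection tracker performs.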