let request = new XMLHttpRequest()
request.open('get'.'/xxx')
request.send()
request.onreadystatechange = ()=>{
if(request.responseState === 4){
if(request.satatus>=200){
console.log('Request successful')}else if(quest.status>=400){
console.log('Request failed')}}}Copy the code
There are three things you must do to use AJAX
1. Send a request using XMLHttpRequest
2. The server returns a string in XML format
3.JS parses XML and updates local pages
Note:
AJAX requests are allowed only when the protocol + port + domain name are identical
1. Can http://baidu.com send AJAX requests to http://www.baidu.com?
2. Can http://baidu.com:80 send AJAX requests to http://baidu.com:81?
The answer is no, it has to be exactly the same.
Other requests are not homologous, but AJAX must be. Why is that?
Browsers consider this safe because, for example, the page refreshes after a request is sent using a form.
But the AJAX page doesn’t refresh, the original web page reads the response, and there’s no privacy.
AJAX is so secure that no web site can make requests without permission anymore, and CROS is the key to breaking the same-origin policy
CORS Cross-origin Resource Sharing is to add response.setheader('Access-Control-Allow-Origin'.'http://....... ')
Copy the code