What is cross-domain?
Cross-domain, when the browser cannot execute scripts from other websites. It is caused by the browser's homologous policy, which is a security restriction imposed by the browser on Javascrip{filter}t.
The so-called homologous means that the domain name, protocol, and port are all the same, it doesn't matter if you don't understand, give a chestnut:
http://www.itsvse.com/index.htmlinvokehttp://www.itsvse.com/server.PHP(Non-cross-domain)
http://www.itsvse.com/index.htmlCall http://www.456.com/server.php (different primary domain: itsvse/456, cross-domain)
The hyperlink login is visible.invokeThe hyperlink login is visible.(Subdomain different: abc/def, cross-domain)
http://www.itsvse.com:8080/index.html 调用 http://www.itsvse.com:8081/server.php (端口不同:8080/8081,跨域)
http://www.itsvse.com/index.htmlCalling https://www.itsvse.com/server.php (different protocols: http/https, cross-domain)
Please note: localhost and 127.0.0.1, while both pointing to local, are also cross-domain.
When the browser executes the javascrip{filter}t script, it will check which page the script belongs to, and if it is not a homologous page, it will not be executed.
Solution:
1、JSONP:
I won't go into detail about how to use it, but it should be noted that JSONP only supports GET requests, not POST requests.
2. Agent:
For examplewww.itsvse.com/index.htmlIf you need to call www.456.com/server.php, you can write an interfacewww.itsvse.com/server.phpThis interface calls the www.456.com/server.php on the backend and gets the return value, and then returns it to the index.html, which is a proxy pattern. It is equivalent to bypassing the browser side, so there is naturally no cross-domain problem.
3. Modify the header on the PHP side (XHR2 method)
Add the following two sentences to the PHP interface script:
header('Access-Control-Allow-Origin:*'); Allow access from all sources
header('Access-Control-Allow-Method:POST,GET'); Ways to allow access
|
Posted on 7/14/2017 6:24:37 PM
|
|
|
Posted on 7/15/2017 9:00:43 AM