Cross-domain key knowledge
What is same-origin?
Origin: protocol + domain name + port
If two URLs have identical protocols, domain names, and port numbers, then the two URLs are of the same origin.
http://baidu.com are different origins because they are not exactly the same
Same-origin policy definition
If JS runs in origin A, then it can only get the data in A, not the data in origin B.
Even if the JS is downloaded from origin B and runs in A, it cannot read the data from origin B.
In simple terms, the same-origin policy means that pages from different origins are not allowed to access each other's data.
Purpose: to protect user privacy
Without the same-origin policy
The sender of a request cannot be distinguished
If page A accesses page B (a different origin), A sends a request. A hacker's request is almost identical to a normal request; only the Referer differs. If the backend does not check the Referer, the request is no different from a normal one.
Isn't it enough to check the Referer?
What if you don't check it? Then the whole page is in danger. A chain is only as strong as its weakest link, so if you forget to check it, you have a big problem.
How to go cross-domain
To share data, the sharing must be declared in advance. If A wants to access the data of B, B only needs to list A in its response header, and the specific syntax can be looked up on MDN.
Yes, it's that simple.
IE does not support CORS
So JSONP appeared.
JSONP works as follows: A can reference B's JS, but cannot access B's data. So B writes the data into a JS file, A references that JS file, and A gets the data successfully.
- B writes the data into a JS file
- A references the JS file
- The JS file calls the predefined function window.XXX
- A executes the function window.XXX
And then the data is read successfully.
I won't show you the code, but it's that simple.
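The four JSONP steps above as a runnable sketch (an added example, not code from the original post). The names `buildJsonpScript`, `loadJsonp`, `onUserData` and the sample data are assumptions, `new Function` stands in for the browser executing a `<script>` tag, and the callback-name check on B's side is an added hardening step the post does not mention.

```javascript
// Site B (server side): wrap the data in a call to the function A named.
// The callback name arrives with the request, so only a plain identifier is
// accepted; otherwise the caller could place arbitrary script in B's response.
function buildJsonpScript(callbackName, data) {
  if (!/^[A-Za-z_$][A-Za-z0-9_$]{0,63}$/.test(callbackName)) {
    throw new Error('invalid JSONP callback name');
  }
  return 'window.' + callbackName + '(' + JSON.stringify(data) + ');';
}

// Site A (browser side): define window.XXX first, then load B's JS file.
// In a real page the load is a <script src="...?callback=XXX"> tag;
// here new Function stands in for the browser running that script.
function loadJsonp(callbackName, fetchScriptFromB) {
  const window = {};                  // stand-in for A's global object
  let received;
  window[callbackName] = function (data) { received = data; };
  const script = fetchScriptFromB(callbackName);
  // B's file runs with A's full privileges, so A must trust B completely.
  new Function('window', script)(window);
  delete window[callbackName];        // one-shot callback, clean up afterwards
  return received;
}

// Constructed sample data held by B.
const B_DATA = { user: 'alice', balance: 42 };

function demo() {
  return loadJsonp('onUserData', (cb) => buildJsonpScript(cb, B_DATA));
}

console.log(demo());
```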