Principles of JSONP and CORS

cross-domain key knowledge

1 IE era compromise

a way to break through browser limitations

same-origin policy

what is same origin?
origin: protocol + domain name + port
if two URLs have identical protocol, domain name and port number, then the two URLs are of the same origin. and are different origins because they are not exactly the same

same-origin policy definition
if JS runs in origin A, then the JS can only get the data in A, not the data in origin B.
even if the JS is downloaded from origin B and runs in A, it cannot read the data from origin B.

in simple terms, the same-origin policy means that pages from different origins are not allowed to access each other's data

why?

to protect user privacy

without the same-origin policy
the sender of a request cannot be distinguished
suppose page A accesses page B (a different origin), so A sends a request. A request sent by a hacker is almost no different from a normal one (only the Referer distinguishes them); if the backend does not check the Referer, it is no different from a normal request.

isn’t it enough to check the Referer?

what if you don’t check it? Then the whole page is in danger. The safety of a chain depends on its weakest link, so if you forget to check it, you have a big problem.

how to cross domain


to share data across origins, the sharing must be declared in advance (CORS). If A wants to access the data of B, B only needs to write A in its response header for A to access it; the specific syntax can be checked on MDN.
yes, it’s that simple.


IE does not support CORS
then JSONP appears.
JSONP works as follows: A can reference B’s JS, but cannot access B’s data. So B writes the data into a JS file, A references that JS file, and A gets the data successfully.

  • B writes the data into a JS file
  • A references the JS file
  • the JS file executes the predefined function window.XXX
  • A executes the function window.XXX


and then the data will be read successfully.

I won’t show you the code, but it’s that simple.
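
The four JSONP steps above as an added example, not code from the original article: B builds the JS file, and A predefines the callback and loads it. The query-parameter callback name, `fakeWindow`, `fetchScriptFromB` and the sample data are assumptions made so the exchange runs offline.

```javascript
// Side B (data owner): writes the data into a JS file that calls the callback.
// Assumption: A sends the callback name in a query parameter (not stated on the page).
const SAFE_CALLBACK = /^[A-Za-z_$][A-Za-z0-9_$]{0,63}$/;

function buildJsonpBody(callbackName, data) {
  // Accept only a plain identifier, so the name cannot carry extra script
  // into a response that A is going to execute.
  if (typeof callbackName !== 'string' || !SAFE_CALLBACK.test(callbackName)) {
    throw new Error('invalid callback name');
  }
  // Escape U+2028/U+2029, which older JS parsers treat as line terminators.
  const json = JSON.stringify(data)
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
  return `window.${callbackName}(${json});`;
}

// Side A (page): predefines window.<name>, then references B's JS file.
// fakeWindow and fetchScriptFromB are hypothetical stand-ins for the browser's
// window and for <script src="...B...">, so the exchange runs offline.
function loadJsonp(fakeWindow, callbackName, fetchScriptFromB) {
  let received;
  fakeWindow[callbackName] = (data) => { received = data; };
  const scriptText = fetchScriptFromB(callbackName);
  new Function('window', scriptText)(fakeWindow); // what the <script> tag would do
  delete fakeWindow[callbackName]; // one-shot callback, remove after use
  return received;
}

// Constructed sample data held by B.
const sampleData = { user: 'alice', friends: ['bob', 'carol'] };
const serveFromB = (cb) => buildJsonpBody(cb, sampleData);

function demo() {
  return loadJsonp({}, 'onData_1', serveFromB);
}

console.log(demo());
```

Any page that references B's script receives the data, so B still has to decide who may read it, for example with the Referer check discussed earlier.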
