The new strategy implements HTTP cross-domain access, and I've been looking for a long time to solve this problem:
You only need to add Access-control-allow-origin to the header information returned in the servlet.
For example, I want to open all my local cross-domain access, set as follows: Response.setheader ("Access-control-allow-origin", "http://127.0.0.1/*");
This allows me to request a servlet in project B across domains by Ajax requests in my local a project.
The code is as follows:
HTML JavaScript for the AJAX request:
Copy CodeThe code is as follows:
/* Create A new XMLHttpRequest object to talk to the WEB server */
var xmlHttp = false;
/* @cc_on @*/
/* @if (@_jscript_version >= 5)
try {
XmlHttp = new ActiveXObject ("Msxml2.xmlhttp");
} catch (e) {
try {
XmlHttp = new ActiveXObject ("Microsoft.XMLHTTP");
} catch (E2) {
XmlHttp = false;
}
}
@end @*/
if (!xmlhttp && typeof XMLHttpRequest! = ' undefined ') {
XmlHttp = new XMLHttpRequest ();
}
var url = "Http://127.0.0.1:2012/esb/servlet/HttpClient?randomType=MIX";
Xmlhttp.open ("GET", url, True);
Setup a function for the server to run when it's done
Xmlhttp.onreadystatechange = function () {
if (xmlhttp.readystate = = 4) {
var response = Xmlhttp.responsetext;
alert (response);
}
}
Send the request
Xmlhttp.send (NULL);
servlet Code:
Copy CodeThe code is as follows:
protected void Service (HttpServletRequest req, HttpServletResponse resp)
Throws Servletexception, Java.io.IOException {
Resp.setheader ("Pragma", "No-cache");
Resp.setheader ("Cache-control", "No-cache");
The following sentence is the core
Resp.setheader ("Access-control-allow-origin", "http://127.0.0.1/*");
Resp.setdateheader ("Expires", 0);
Servletoutputstream SOS = Resp.getoutputstream ();
try {
Sos.write (Obj.tostring (). GetBytes ("GBK"));
} catch (Exception e) {
System.out.println (E.TOSTRING90)
} finally {
try {
Sos.close ();
} catch (Exception e) {
Log.error (e);
}
}
}
The code in the native test is possible, after two days, I put the servlet on the server, and then local testing.
The above-mentioned approach is a perfect solution to the problem, but the above article also says. There may be security issues, and whether the new standards are supported or not, so we can apply another trickery way to achieve the same effect, because JS does not have cross-domain problems, if our server servlet returns a JS script, then it is. We can use JavaScript src in the A project to access the servlet of the B project, and then pass the data through the JS script output by the servlet. So according to this idea I did the following code test:
The JS Code of the page:
Copy CodeThe code is as follows:
function Loadajax () {
Id= "Testesbscript";
Oscript = document.getElementById (ID);
var head = document.getElementsByTagName ("Head"). Item (0);
if (oscript) {
Head.removechild (Oscript);
}
Oscript = document.createelement ("script");
var url = "Http://127.0.0.1:2012/esb/servlet/HttpClient?randomType=MIX&success=justHandle
Oscript.setattribute ("id", id);
Oscript.setattribute ("type", "Text/javascript");
Oscript.setattribute ("Language", "JavaScript");
Head.appendchild (Oscript);
}
Jsuthandle This function is the Sung function. This is done in the servlet code using eval.
function Justhandle (DD) {
Alert (DD);
}
the code for the servlet:
Copy CodeThe code is as follows:
protected void Service (HttpServletRequest req, HttpServletResponse resp)
Throws Servletexception, Java.io.IOException {
Object obj = "Test";
Servletoutputstream SOS = Resp.getoutputstream ();
StringBuffer sb = new StringBuffer ();
Resp.setcharacterencoding ("GBK");
Resp.setheader ("Charset", "GBK");
Resp.setcontenttype ("CHARSET=GBK");
The following sentence indicates that the JavaScript script file
Resp.setcontenttype ("Text/javascript");
Sb.append ("eval (/" "+parammap.get (" success ") +" (/' "+obj.tostring () +"/')/")");
try {
Sos.write (Sb.tostring (). GetBytes (this.character_encoding));
} catch (Exception e) {
System.out.println (E.tostring ());
} finally {
try {
Sos.close ();
} catch (Exception e) {
System.out.println (E.tostring ());
}
}
}
http://www.bkjia.com/PHPjc/327758.html www.bkjia.com true http://www.bkjia.com/PHPjc/327758.html techarticle The new strategy implements HTTP cross-domain access, and I've been looking for a long time to solve this problem: simply add the Access-control-allow-origin to the header information returned in the servlet .