Cross-domain resource sharing (Cross-Origin Resource Sharing)

Source: Internet
Author: User

At present there is relatively little Chinese-language material on this topic; a search turns up only a few introductions, and they are almost identical. Material for C# is scarcer still.

The XMLHttpRequest interface is the foundation of Ajax, and for security reasons Ajax is prohibited from accessing resources across domains. That is, a page on www.baidu.com cannot call resources on www.cnblogs.com through Ajax.

But jQuery's $.ajax() clearly can make cross-domain requests! Yes, it can, but that is JSONP (JSON with Padding). Because <script> tags are open to other origins, a web page can use them to obtain JSON data that is generated dynamically by another source; this usage pattern is called JSONP. The data fetched with JSONP is not JSON but arbitrary JavaScript, which is executed by the JavaScript interpreter rather than parsed by a JSON parser. There are many introductions to JSONP.

Here is an example using local sample code.

There are again two web sites. The client code is as follows:

<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<title></title>
<script src="jquery-1.8.2.min.js"></script>
<script>
var res = null;

// A plain XMLHttpRequest; nothing CORS-specific is needed on the client.
var xhr = new XMLHttpRequest();
xhr.open("POST", "http://localhost:46226/hand.ashx", true);
xhr.onreadystatechange = function () {
    // readyState 4 means the response has been fully received
    if (xhr.readyState === 4) {
        res = xhr.responseText;
    }
};
xhr.send();

// Show the cross-domain response when the button is clicked
function b_c() {
    alert(res);
}
</script>
</head>
<body>
<input type="button" value="cross-domain" onclick="b_c();"/>
</body>
</html>

As the client code shows, the asynchronous request itself does not change at all; what is required is cooperation from the server.

The server code is as follows:

using System.Web;

public class Hand : IHttpHandler
{
    public void ProcessRequest(HttpContext context)
    {
        context.Response.ContentType = "text/plain";
        // Origin allowed to read this response; can also be set to allow any requesting origin
        context.Response.AppendHeader("Access-Control-Allow-Origin", "http://localhost:44860");
        context.Response.Write("Yangyujie");
        context.Response.End();
    }

    public bool IsReusable
    {
        get
        {
            return false;
        }
    }
}

It's amazing, it doesn't change much. Yes

The meaning of the above configuration is to allow

Of course, setting it to * is very dangerous: malicious sites may attack our server through XSS.

To allow cross-domain access only from the site http://localhost:44860, use the configuration shown above.
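
An added example (not part of the original article): the Access-Control-Allow-Origin header carries either one origin or *, so to serve more than one trusted site without using *, the handler can compare the request's Origin header against an exact-match allowlist and echo back the matching entry. The class name AllowlistHand, the helper ResolveAllowedOrigin and the second origin http://localhost:44861 are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Web;

// Added example: same shape as the Hand handler, but the allowed origin is
// chosen per request from an allowlist instead of being hard-coded or "*".
public class AllowlistHand : IHttpHandler   // hypothetical class name
{
    // Assumed trusted origins. Scheme, host and port must all match exactly.
    private static readonly HashSet<string> TrustedOrigins =
        new HashSet<string>(StringComparer.Ordinal)
        {
            "http://localhost:44860",
            "http://localhost:44861"   // constructed second origin
        };

    // Returns the value for Access-Control-Allow-Origin, or null when the
    // header must be left out of the response.
    public static string ResolveAllowedOrigin(string requestOrigin)
    {
        // No Origin header: same-origin or non-browser request.
        if (string.IsNullOrEmpty(requestOrigin)) return null;
        // Exact match only. Prefix, suffix or substring checks would also
        // accept look-alike hosts such as "http://localhost:44860.example".
        return TrustedOrigins.Contains(requestOrigin) ? requestOrigin : null;
    }

    public void ProcessRequest(HttpContext context)
    {
        string allowed = ResolveAllowedOrigin(context.Request.Headers["Origin"]);

        // The response now depends on Origin, so caches must key on it.
        context.Response.AppendHeader("Vary", "Origin");
        if (allowed != null)
        {
            context.Response.AppendHeader("Access-Control-Allow-Origin", allowed);
        }
        // Without the header the browser still sends this request, but it
        // will not hand the response to the calling page's script.

        context.Response.ContentType = "text/plain";
        context.Response.Write("Yangyujie");
        context.Response.End();
    }

    public bool IsReusable { get { return false; } }
}
```

Because the handler runs even for origins that are not on the list, any state-changing action it performs still needs its own authorization check; the header only controls which pages may read the response.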
