The new Global Consortium strategy enables HTTP Cross-domain access, and I've been looking for a long time to solve this problem:
Only the header information returned in the servlet needs to be added Access-control-allow-originThis can be.
For example, I want to open all my local cross-domain access, and set the following: Response.setheader ("Access-control-allow-origin", "http://127.0.0.1/*");
So the AJAX request in my local a project can request a servlet in B engineering across the domain.
The code is as follows:
HTML JS Ajax Request:
Copy Code code as follows:
/* Create A new XMLHttpRequest object to talk to the WEB server * *
var xmlHttp = false;
/* @cc_on @*/
/* @if (@_jscript_version >= 5)
try {
XmlHttp = new ActiveXObject ("Msxml2.xmlhttp");
catch (e) {
try {
XmlHttp = new ActiveXObject ("Microsoft.XMLHTTP");
} catch (E2) {
XmlHttp = false;
}
}
@end @*/
if (!xmlhttp && typeof xmlhttprequest!= ' undefined ') {
XmlHttp = new XMLHttpRequest ();
}
var url = "Http://127.0.0.1:2012/esb/servlet/HttpClient?randomType=MIX";
Xmlhttp.open ("Get", url, True);
Setup a function for the "server to run" when it's done
Xmlhttp.onreadystatechange = function () {
if (xmlhttp.readystate = = 4) {
var response = Xmlhttp.responsetext;
alert (response);
}
}
Send the request
Xmlhttp.send (NULL);
servlet Code:
Copy Code code as follows:
protected void Service (HttpServletRequest req, HttpServletResponse resp)
Throws Servletexception, Java.io.IOException {
Resp.setheader ("Pragma", "No-cache");
Resp.setheader ("Cache-control", "No-cache");
The following sentence is the core
Resp.setheader ("Access-control-allow-origin", "http://127.0.0.1/*");
Resp.setdateheader ("Expires", 0);
Servletoutputstream SOS = Resp.getoutputstream ();
try {
Sos.write (Obj.tostring (). GetBytes ("GBK"));
catch (Exception e) {
System.out.println (E.TOSTRING90)
finally {
try {
Sos.close ();
catch (Exception e) {
Log.error (e);
}
}
}
The code is OK in the native test, and after two days, I put the servlet on the server and then test it locally.
Although the above method solves the problem perfectly, but the above article also said. There may be security issues, and whether the new standards are supported or not is a problem, so we can apply another tricky way to do the same effect, because JS does not exist cross-domain problem, if our server's servlet returned a JS script, that's OK. We can use JavaScript src in a project JS to access the B-engineering servlet, and then pass the data through the JS script output from the servlet. So based on this idea, I did the following code test:
Page's JS code:
Copy Code code as follows:
function Loadajax () {
Id= "Testesbscript";
Oscript = document.getElementById (ID);
var head = document.getElementsByTagName ("Head"). Item (0);
if (oscript) {
Head.removechild (Oscript);
}
Oscript = document.createelement ("script");
var url = "Http://127.0.0.1:2012/esb/servlet/HttpClient?randomType=MIX&success=justHandle
Oscript.setattribute ("id", id);
Oscript.setattribute ("type", "Text/javascript");
Oscript.setattribute ("Language", "JavaScript");
Head.appendchild (Oscript);
}
Jsuthandle This function is the Anti-tune function. This is done in the servlet code using the Eval method.
function Justhandle (DD) {
Alert (DD);
}
The code for the servlet:
Copy Code code as follows:
protected void Service (HttpServletRequest req, HttpServletResponse resp)
Throws Servletexception, Java.io.IOException {
Object obj = "Test";
Servletoutputstream SOS = Resp.getoutputstream ();
StringBuffer sb = new StringBuffer ();
Resp.setcharacterencoding ("GBK");
Resp.setheader ("Charset", "GBK");
Resp.setcontenttype ("CHARSET=GBK");
The following sentence indicates that the JavaScript script file
Resp.setcontenttype ("Text/javascript");
Sb.append ("eval ()" +parammap.get ("success") + "(/" "+obj.tostring () +"/")");
try {
Sos.write (Sb.tostring (). GetBytes (this.character_encoding));
catch (Exception e) {
System.out.println (E.tostring ());
finally {
try {
Sos.close ();
catch (Exception e) {
System.out.println (E.tostring ());
}
}
}