Because of the same-origin security policy against cross-site scripting attacks, browsers prohibit client script (such as JavaScript) from making cross-domain calls to services of different domain names.
The source in the homologous strategy (same origin) has a strict definition, see RFC6454, 4th Chapter. In general, Origin consists of the {protocol, host, port} three parts.
It may be a bit surprising that we generally think that different subdomains should be treated as the same domain name, which is safe to call, but in fact the browser homology policy even prohibits calls between different subdomains and ports of service.
This article implements cross-domain by setting up Access-control-allow-origin .
For example: The domain name of the client is client.runoob.com, and the requested domain name is server.runoob.com.
If you use AJAX access directly, you will get the following error:
XMLHttpRequest cannot load http://server.runoob.com/server.php. No ' Access-control-allow-origin ' header is present on the requested resource. Origin ' http://client.runoob.com ' is therefore not allowed access.
1. Allow single domain access
To specify a domain name (http://client.runoob.com) for cross-domain access, simply add the following code to the http://server.runoob.com/server.php file header:
Header (' access-control-allow-origin:http://client.runoob.com ');
2. Allow multiple domain names to be accessed
To specify multiple domain names (http://client1.runoob.com, http://client2.runoob.com, and so on) for cross-domain access, simply add the following code to the http://server.runoob.com/server.php file header:
$origin = isset ($_server[' Http_origin ')? $_server[' http_origin ': '; $allow _origin = Array ( ' http://client1.runoob.com ', ' http://client2.runoob.com ' ); if (In_array ($origin, $allow _origin)) { header (' Access-control-allow-origin: '. $origin);
3. Allow all domain names to access
To allow all domain access, simply add the following code to the http://server.runoob.com/server.php file header:
Header (' access-control-allow-origin:* '); This article is reproduced from http://www.runoob.com/w3cnote/php-ajax-cross-border.html
Cross-Domain Access solutions