Using Access-control-allow-origin to troubleshoot cross-domain

What is a cross-domain

When two domains have the same protocol (such as HTTP), the same port (for example, 80), the same host (for example, www.google.com), then we can assume that they are the same domain (protocol, domain name, port must be the same).

Cross-domain refers to the protocol, domain names, port inconsistencies, for security reasons, cross-domain resources are not interactive (such as the general situation of cross-domain JavaScript can not interact, of course, there are many solutions for cross-domain)

Access-control-allow-origin

Access-control-allow-origin is a policy defined in HTML5 that addresses the cross-domain of resources.

He is returning the response header with the Access-control-allow-origin identity through the server to resolve cross-domain permissions issues for the resource.

Using the method, add Access-control-allow-origin in response, for example

Specifies that other domain names are allowed to access the  header (' access-control-allow-origin:* ');  Response type  header (' Access-control-allow-methods:post ');  Response header Set  header (' Access-control-allow-headers:x-requested-with,content-type ');

　　

Join in the requested response header

Resp.setheader ("Access-control-allow-origin", "*");
Resp.setheader ("Access-control-allow-methods", "*");
Resp.setheader ("Access-control-allow-headers", "X-requested-with,content-type");
Resp.setcontenttype ("Application/json");
Resp.setcharacterencoding ("Utf-8");

can also be set to * indicates that the resource is available to anyone, according to the actual situation set

If the resource is an HTML page, you can set the

[Java]View PlainCopy

1. <meta http-equiv="Access-control-allow-origin" content="*" >

Using Access-control-allow-origin to troubleshoot cross-domain