Thank
Rain Man from the gardenThis guy, the information is very detailed:
For details, see: HTTP://WWW.CNBLOGS.COM/RAINMAN/ARCHIVE/2011/02/20/1959325.HTML#M0
I picked out part of my own collection:
--------------------------------------------------------------------------------------------------
What is a cross-domain
JavaScript is not allowed to invoke objects of other pages across domains for security reasons. But the security restrictions also bring a lot of trouble to inject IFRAME or AJAX applications. Here are some simple things to sort out about cross-domain issues:
First what is cross-domain, simple to understand is because of the JavaScript homologous policy limitations, a.com domain name JS can not operate B.Com or c.a.com under the domain name of the object. A more detailed explanation can be seen in the following table:
URL |
Description |
whether to allow communication |
http://www.a.com/a.js http://www.a.com/ B.js |
under the same domain name |
allow |
http://www.a.com/lab/a.js Http://www.a.com/script/b.js |
different folders under the same domain name |
Allow |
http://www.a.com:8000/a.js http://www.a.com/b.js |
same domain name, different ports |
do not allow |
http://www.a.com/a.js https://www.a.com/b.js |
same domain name, different protocol |
does not allow |
http://www.a. Com/a.js http://70.32.92.74/b.js |
domain name and domain name corresponding IP |
do not allow |
http://www.a.com/a.js H Ttp://script.a.com/b.js |
primary domain, subdomain different |
not allowed |
http://www.a.com/a.js http://a.com/ B.js |
Same domain name, different level two domain name (ibid.) |
not allowed (cookies are not allowed in this case) |
http://www.cnblogs.com/a.js H Ttp://www.a.com/b.js |
different domain names |
not allowed |
-
Pay special attention to two points:
-
First, if it is a cross-domain problem caused by protocol and port "front desk" is powerless,
-
Second: On a cross-domain issue, the domain is only identified by the "header of the URL" and does not attempt to determine whether the same IP address corresponds to two domains or two domains on the same IP.
The "header of the url" refers to Window.location.protocol +window.location.host, which can also be understood as "Domains, protocols and ports must match".
The next simple summary of the "front office" generally handle cross-domain approach, background proxy This scenario involves the background configuration, here does not elaborate
JS cross-Domain detailed