[Ajax]--Ajax cross-domain solution-CORS

Source: Internet
Author: User

What is Ajax?

Ajax is a way to get data from the server without having to refresh the page, and the core object of the Ajax operation is the XMLHttpRequest (XHR) object.

The same-origin policy is a major constraint on XHR: it limits communication to the "same domain, same port, same protocol".
Attempting to access resources outside these restrictions raises a security error unless a recognized cross-domain solution is used.

That solution is called CORS (Cross-Origin Resource Sharing).

Which requests count as cross-domain?

http://a.com is not allowed to access http://b.com (different domains)
http://a.com is not allowed to access https://a.com (same domain name, different protocols)
http://a.com is not allowed to access http://a.com:8080 (same domain name, different port)
http://a.com is not allowed to access http://192.168.1.1 (a domain name and the IP address that the domain name resolves to)
http://a.a.com is not allowed to access http://b.a.com (primary domain is the same, subdomain is different)

Three solutions:

Scenario One:

Cons: browser compatibility issues exist.
Ajax cross-domain solution: CORS

The requested party must set a response header on the server side: Access-Control-Allow-Origin

Remember: Access-Control-Allow-Origin must not be set to *; set it to a domain name that is allowed access.

    // Set the accessible whitelist
    $white_list = ['http://cdn.abc.com', 'http://abc.com'];

    // $_SERVER['HTTP_ORIGIN'] indicates the requesting party's domain name
    $http_origin = '';
    if (!empty($_SERVER['HTTP_ORIGIN']) && in_array($_SERVER['HTTP_ORIGIN'], $white_list, true)) {
        $http_origin = $_SERVER['HTTP_ORIGIN'];
        // Set header information
        header("Access-Control-Allow-Origin: {$http_origin}");
        // header() takes the whole header line as a single string
        header('Access-Control-Allow-Methods: POST,GET');
        header('Access-Control-Allow-Credentials: true');         // Allow access to the cookie
        header('Access-Control-Allow-Headers: X-Requested-With'); // Set headers
    }
    // Execute code logic ...
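The whitelist check from scenario one, written as a JavaScript (Node.js) function so it can be run offline. This is an added example, not code from the original page: corsHeaders() and the request shape are assumptions, and it goes a little beyond the PHP by answering the preflight (OPTIONS) request and sending Vary: Origin.

```javascript
// Added example, not from the original page. The origins are the page's sample
// whitelist; corsHeaders() and the request shape are hypothetical.
const WHITE_LIST = new Set(['http://cdn.abc.com', 'http://abc.com']);
const ALLOWED_METHODS = ['POST', 'GET'];
const ALLOWED_HEADERS = ['x-requested-with'];

// Returns the CORS response headers for one request. A missing or
// non-whitelisted Origin gets no Access-Control-* header at all.
function corsHeaders(req) {
  // Vary: Origin stops a shared cache replaying one origin's response to another.
  const headers = { Vary: 'Origin' };
  const origin = req.headers.origin;
  // Exact match on scheme + host + port; no substring or suffix tests.
  if (typeof origin !== 'string' || !WHITE_LIST.has(origin)) return headers;

  headers['Access-Control-Allow-Origin'] = origin; // the matched origin, never "*"
  headers['Access-Control-Allow-Credentials'] = 'true';

  if (req.method === 'OPTIONS') {
    // Preflight: confirm only the method and headers this endpoint accepts.
    const wantMethod = req.headers['access-control-request-method'];
    const wantHeaders = (req.headers['access-control-request-headers'] || '')
      .split(',').map((h) => h.trim().toLowerCase()).filter(Boolean);
    if (!ALLOWED_METHODS.includes(wantMethod) ||
        !wantHeaders.every((h) => ALLOWED_HEADERS.includes(h))) {
      return { Vary: 'Origin' }; // refuse the preflight
    }
    headers['Access-Control-Allow-Methods'] = ALLOWED_METHODS.join(',');
    headers['Access-Control-Allow-Headers'] = 'X-Requested-With';
  }
  return headers;
}

// Constructed sample requests (header names lower-cased, as Node's http module delivers them).
const samples = [
  { method: 'GET', headers: { origin: 'http://abc.com' } },
  { method: 'GET', headers: { origin: 'https://abc.com' } },        // different protocol
  { method: 'GET', headers: { origin: 'http://abc.com:8080' } },    // different port
  { method: 'GET', headers: { origin: 'http://www.abc.com' } },     // different subdomain
  { method: 'OPTIONS', headers: { origin: 'http://cdn.abc.com',
      'access-control-request-method': 'POST',
      'access-control-request-headers': 'X-Requested-With' } },
];
for (const s of samples) {
  console.log(s.method, s.headers.origin, corsHeaders(s));
}
```

Only the first and last sample receive Access-Control-Allow-Origin; the other three differ from a whitelisted entry by protocol, port or subdomain and get nothing but Vary.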

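Another: If you are requesting HTML, add a meta tag to the file.

    <meta http-equiv="Access-Control-Allow-Origin" content="*">

Note that browsers evaluate CORS from the HTTP response headers and do not honor Access-Control-Allow-Origin when it is supplied through a meta tag, so the server-side header above is the setting that takes effect.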

Scenario Two:

Cons: POST requests are not supported.

Use JSONP to solve the cross-domain problem; there are quite a few articles about it online.

Scenario Three:

Similar to scenario one.

Modify the Nginx or Apache configuration:

    # nginx
    # "*" allows any origin; see the note under scenario one about setting an accessible domain name instead
    http {
      ......
      add_header Access-Control-Allow-Origin *;
      add_header Access-Control-Allow-Headers X-Requested-With;
      add_header Access-Control-Allow-Methods GET,POST,OPTIONS;
      ......
    }

    # Apache
    <Directory />
      ......
      Header set Access-Control-Allow-Origin *
    </Directory>

You can choose a scheme according to your own situation.


