Ajax cross-domain access-two of effective solutions

The new Global Consortium strategy enables HTTP Cross-domain access, and I've been looking for a long time to solve this problem:

You only need to add access-control-allow-origin to the header information returned in the servlet.

For example, I want to open all my local cross-domain access, and set it as follows: Response.setheader ("Access-control-allow-origin", "http://127.0.0.1/*");

So the AJAX request in my local a project can request a servlet in B engineering across the domain.

The code is as follows:

HTML JS Ajax Request:

 /* Create a new XMLHttpRequest object to talk to the WEB server/var xmlHttp = false;/* @cc_on @*//* @if (@_js Cript_version >= 5) try {    xmlhttp = new ActiveXObject ("Msxml2.xmlhttp");} catch (e) {    try {        xmlhttp = new ActiveXObject ("Microsoft.XMLHTTP");     } catch (E2) {        xmlhttp = false;     }} @end @*/if (!xmlhttp && typeof xmlhttprequest!= ' undefined ') {     xmlHttp = new XMLHttpRequest ( ); The var url = "Http://127.0.0.1:2012/esb/servlet/HttpClient?randomType=MIX"; Xmlhttp.open ("Get", url, True); Setup a function for the "server to run" when it's done xmlhttp.onreadystatechange = function () {    if (XM Lhttp.readystate = = 4) {        var response = Xmlhttp.responsetext;         alert (response); }//send the request xmlhttp.send (NULL);

Servlet Code:

  protected void Service (HttpServletRequest req, HttpServletResponse resp)            & nbsp       throws Servletexception, java.io.IOException {      resp.setheader ("Pragma", " No-cache ");       resp.setheader ("Cache-control", "No-cache");       //The following sentence is the core       resp.setheader ("Access-control-allow-origin", "http:// 127.0.0.1/* ");       resp.setdateheader ("Expires", 0);       servletoutputstream SOS = Resp.getoutputstream ();       try {           Sos.write (obj.tostring () getBytes ("GBK")); nbsp;     } catch (Exception e) {           SYSTEM.OUT.PRINTLN (e.tostring90 )       } finally {              try {     & nbsp           sos.close ();              &nbsp} catch (Exception e) {           &NB Sp      log.error (e);              &NBSP/      }}

The code is OK in the native test, and after two days, I put the servlet on the server and then test it locally.

Article Source: http://hi.baidu.com/aullik5/blog/item/12f2f8ec552da74878f0553f.html

Although the above method solves the problem perfectly, but the above article also said. There may be security issues, and whether the new standards are supported or not is a problem, so we can apply another tricky way to do the same effect, because JS does not exist cross-domain problem, if our server's servlet returned a JS script, that's OK. We can use JavaScript src in a project JS to access the B-engineering servlet, and then pass the data through the JS script output from the servlet. So based on this idea, I did the following code test:

Page's JS code:

function Loadajax () {id= "Testesbscript";      Oscript = document.getElementById (ID);      var head = document.getElementsByTagName ("Head"). Item (0);     if (oscript) {head.removechild (oscript);     } Oscript = document.createelement ("script"); var url = "Http://127.0.0.1:2012/esb/servlet/HttpClient?randomType=MIX&success=justHandle oscript.setattribute     ("id", id);     Oscript.setattribute ("type", "Text/javascript");     Oscript.setattribute ("Language", "JavaScript"); Head.appendchild (Oscript); //jsuthandle This function is the Anti-tune function. This is done in the servlet code using the Eval method. function Justhandle (dd) {alert (dd);}

The code for the servlet:

protected void Service (HttpServletRequest req, HttpServletResponse resp)

Throws Servletexception, Java.io.IOException {

Object obj = "Test";

Servletoutputstream SOS = Resp.getoutputstream ();

StringBuffer sb = new StringBuffer ();

Resp.setcharacterencoding ("GBK");

Resp.setheader ("Charset", "GBK");

Resp.setcontenttype ("CHARSET=GBK");

The following sentence indicates that the JavaScript script file Resp.setcontenttype ("Text/javascript");

Sb.append ("eval ()" +parammap.get ("success") + "(/" "+obj.tostring () +"/")");

try {

Sos.write (Sb.tostring (). GetBytes (this.character_encoding));

catch (Exception e) {

System.out.println (E.tostring ());

finally {

try {

Sos.close ();

catch (Exception e) {

System.out.println (E.tostring ());

}

}

}

Reference:

Master ajax:http://www.ibm.com/developerworks/cn/xml/wa-ajaxintro1.html

Ajax cross-Domain access-method Encyclopedia: http://juliet.javaeye.com/blog/180011

Baidu's Ajax Cross-domain resolution: http://www.nowamagic.net/ajax/ajax_BaiduCrossDomainMethod.php

Mobile: 18606871719

Name: Ms. Li

qq382764019

Email:lihe039@126.com

But the way: 340197199005094298