Baidu's Ajax cross-origin method

Baidu passes are handled in the second-level domain name passport.baidu.com. However, in many places, the baidu logon process is like ajax. How does it do it? I studied it and found a small trick.

The http://zhidao.baidu.com has the following javascript:

<Script language = "JavaScript"> document. domain = "baidu.com"; <! -- Function G (id) {if (typeof (id) = "string") {return document. getElementById (id);} return id;} function showInfo (obj) {if (obj. checked = true) {G ("memInfo "). style. display = "block";} else {G ("memInfo "). style. display = "none" ;}} function request (id, url) {oScript = document. getElementById (id); var head = document. getElementsByTagName ("head "). item (0); if (oScript) {head. removeChild (oScript);} oScript = document. createElement ("script"); oScript. setAttribute ("src", url); oScript. setAttribute ("id", id); oScript. setAttribute ("type", "text/javascript"); oScript. setAttribute ("language", "javascript"); head. appendChild (oScript); return oScript;} var loginTimer = null; var loginState =-1; var tryTime = 0; function PSP_ik (isOk) {if (isOk = 0) {G ("errorInfo "). style. display = "none"; loginState = 1; if (parent. loginSuccess) {parent. pop. hide (); parent. loginSuccess () ;}} else {loginFalse () ;}} function loginFalse () {loginState = 0; var err = G ("errorInfo"); err. innerHTML = "the user name or password is incorrect. Please log on again"; err. style. display = "block"; G ("username "). focus (); tryTime ++; if (tryTime> 1) {onLoginFailed () ;}} function onLoginFailed () {if (parent. onLoginFailed) {parent. pop. hide (); parent. loginFailed ();} else {document. login. u. value = escape (" http://zhidao.baidu.com/q "+ Parent. location. search); doucment. login. submit () ;}} function loginTimeout () {if (loginState =-1) {var err = G ("errorInfo"); err. innerHTML = "Operation timeout, please log on again"; err. style. display = "block"; G ("username "). focus () ;}} function userLogin () {var username = G ('username '). value; var password = G ('Password '). value; var memPassport = G ('mempassport '). checked? "On": "off"; if (username. length <= 0 | password. length <= 0) {G ("username "). focus (); return false;} var url =' https://passport.baidu.com/?logt&tpl=ik&t=0&keyname=ik&mem_pass= '+ MemPassport +' & username = '+ username +' & loginpass = '+ escape (password) +' & s = '+ (new Date ()). getTime (); loginState =-1; var login = request ("loginScript", url); loginTimer = setTimeout (loginTimeout, 5000);} window. onload = function () {document. loginForm. username. focus (); document. getElementById ("username "). focus () ;}// --> </SCRIPT>

We can see that the request method processes asynchronous requests by dynamically adding scripts to the head instead of sending get requests using xmlhttp. That's wonderful. We know that javascript is called without the limit of the domain. It is executed when the load is complete.

Of course, the request parameters can only be spelled by url. After the url is processed by the server, loginFalse () or PSP_ik () is directly output. This elegantly solves the cross-origin problem.

This reminds us that using iframe to upload files through ajax is the same. If Server feedback is not required, google uses new img (). src = ...;

Of course, there are some tips in the baidu script, which are worth learning.