Home > Others

Cross-domain details

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

What is a cross-domain
JavaScript is not allowed to invoke objects of other pages across domains for security reasons. But the security restrictions also bring a lot of trouble to inject IFRAME or AJAX applications. Here are some simple things to sort out about cross-domain issues:

First what is cross-domain, simple to understand is because of the JavaScript homologous policy limitations, a.com domain name JS can not operate B.Com or c.a.com under the domain name of the object. A more detailed explanation can be seen in the following table:
URL description whether to allow communication
Http://www.a.com/a.js
Http://www.a.com/b.js allowed under the same domain name
Http://www.a.com/lab/a.js
http://www.a.com/script/b.js different folders under the same domain name allow
Http://www.a.com:8000/a.js
Http://www.a.com/b.js the same domain name, different ports are not allowed
Http://www.a.com/a.js
Https://www.a.com/b.js the same domain name, different protocols not allowed
Http://www.a.com/a.js
Http://70.32.92.74/b.js domain and domain name corresponding IP is not allowed
Http://www.a.com/a.js
Http://script.a.com/b.js primary domain, different subdomains are not allowed
Http://www.a.com/a.js
Http://a.com/b.js the same domain name, different level two domain names (IBID.) are not allowed (cookies are not allowed in this case)
Http://www.cnblogs.com/a.js
Http://www.a.com/b.js different domain names are not allowed

Egg

Ajax or an IFRAME points to an address where the level two domain name, port, and protocol must be exactly the same as the main page, or even cross-domain
Like what a.baidu.com访问b.baidu.com 是跨域; a.baidu.com:8080访问a.baidu.com:80 是跨域; http://a.baidu.com访问https://a.baidu.com 是跨域Cross-domain refers to a resource that requests another domain name from a Web page of a domain name. For example, from the http://www.baidu.com/page to requesthttp://www. google.com of resources. The strict definition of cross-domain is that as long as the protocol, the domain name, the port has any difference, it is considered to be a cross-domain.
How to achieve cross-domain fetch data, LS said JSONP is the most common, you can refer to this article cross-domain and cross-domain access

Cross-domain details

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More