Cross-Domain Issues summary

Source: Internet
Author: User

First look at the concept, what is cross-domain: protocols, domain names, ports have any difference between them to communicate is called cross-domain.

Situation Whether to allow communication
Under the same domain name Is
Different folders under the same domain name Is
Same domain name, different port Whether
Same domain name, different protocol Whether
Domain and domain name corresponding IP Whether
Primary domain name is the same, sub-domain name is different Whether
Different domain names Whether

There are 2 common cross-domain approaches: CROS (cross-domain resource sharing cross-origin Resource sharing), JSONP

CROS: Server-side CORS support, mainly through the setup Access-Control-Allow-Origin to do. If the browser detects the appropriate settings, it can allow Ajax for cross-domain access. This setting is only supported by modern browsers

JSONP: Actually is the cross-domain behavior hack means, the realization principle and the loading JS is a reason, therefore can only implement GET request the JSONP.

In JS, it XMLHttpRequest is not possible for us to request data directly from different domains. However, it is possible to introduce JS script files on different domains on the page, and JSONP is using this feature to achieve this.

cors and Jsonp comparison

Compared with JSONP, Cors is undoubtedly more advanced, convenient and reliable.

    1、 JSONP只能实现GET请求,而CORS支持所有类型的HTTP请求。    2、 使用CORS,开发者可以使用普通的XMLHttpRequest发起请求和获得数据,比起JSONP有更好的错误处理。    3、 JSONP主要被老的浏览器支持,它们往往不支持CORS,而绝大多数现代浏览器都已经支持了CORS)。
to cross subdomains by modifying Document.domain

This method is more suitable for the same parent domain name and different sub-domain name, by changing the document.domain to be the same parent domain can be implemented to communicate with each other, such as: page has a iframe,iframe src point to, under normal circumstances these two pages are unable to achieve communication,

But as long as the document.domain= "" are set separately in parent.html and child.html, the two pages can communicate with each other.

(note, however, that Document.domain's settings are limited, and we can only set Document.domain to the parent domain of itself or higher)

using for cross-domain

windowobject has a name property, which has a feature: in the lifetime of a window, all of the pages loaded by the window share a of,

each page pairs have permission to read and write, is a persistent existence of a window loaded in all the pages of the

cross-domain using HTML5 's Window.postmessage method

window.postMessage(message,targetOrigin)Method is a html5 newly introduced feature that can be used to window send messages to other objects,

Regardless of whether the window object belongs to the same origin or different source, the current IE8+、FireFox、Chrome、Opera browser has already supported the window.postMessage method.

Cross-Domain Issues summary

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.