First look at the concept, what is cross-domain: protocols, domain names, ports have any difference between them to communicate is called cross-domain.
Situation |
Whether to allow communication |
Under the same domain name |
Is |
Different folders under the same domain name |
Is |
Same domain name, different port |
Whether |
Same domain name, different protocol |
Whether |
Domain and domain name corresponding IP |
Whether |
Primary domain name is the same, sub-domain name is different |
Whether |
Different domain names |
Whether |
There are 2 common cross-domain approaches: CROS (cross-domain resource sharing cross-origin Resource sharing), JSONP
CROS: Server-side CORS
support, mainly through the setup Access-Control-Allow-Origin
to do. If the browser detects the appropriate settings, it can allow Ajax for cross-domain access. This setting is only supported by modern browsers
JSONP: Actually is the cross-domain behavior hack means, the realization principle and the loading JS is a reason, therefore can only implement GET request the JSONP.
In JS, it XMLHttpRequest
is not possible for us to request data directly from different domains. However, it is possible to introduce JS script files on different domains on the page, and JSONP is using this feature to achieve this.
cors and Jsonp comparison
Compared with JSONP, Cors is undoubtedly more advanced, convenient and reliable.
1、 JSONP只能实现GET请求,而CORS支持所有类型的HTTP请求。 2、 使用CORS,开发者可以使用普通的XMLHttpRequest发起请求和获得数据,比起JSONP有更好的错误处理。 3、 JSONP主要被老的浏览器支持,它们往往不支持CORS,而绝大多数现代浏览器都已经支持了CORS)。
to cross subdomains by modifying Document.domain
This method is more suitable for the same parent domain name and different sub-domain name, by changing the document.domain to be the same parent domain can be implemented to communicate with each other, such as:
Parent.a.com/parent.html page has a iframe,iframe src point to child.a.com/child.html, under normal circumstances these two pages are unable to achieve communication,
But as long as the document.domain= "A.com" are set separately in parent.html and child.html, the two pages can communicate with each other.
(note, however, that Document.domain's settings are limited, and we can only set Document.domain to the parent domain of itself or higher)
using Window.name for cross-domain
window
object has a name
property, which has a feature: in the lifetime of a window, all of the pages loaded by the window share a window.name
of,
each page pairs window.name
have permission to read and write, window.name
is a persistent existence of a window loaded in all the pages of the
cross-domain using HTML5 's Window.postmessage method
window.postMessage(message,targetOrigin)
Method is a html5
newly introduced feature that can be used to window
send messages to other objects,
Regardless of whether the window object belongs to the same origin or different source, the current IE8+、FireFox、Chrome、Opera
browser has already supported the window.postMessage
method.
Cross-Domain Issues summary