Cross-domain access and same-origin policy

Source: Internet
Author: User

Because multiple Web pages can be open in the same browser window at the same time, and they all share the same session, allowing unrestricted cross-domain access would expose users to leakage of private data and spoofing of their logged-in identity. The browser therefore uses the same-origin policy to restrict cross-domain access.

In the browser, JS code is forbidden from accessing URLs or iframes under a different domain name. Anything that does not involve JS code reading across domains has no cross-domain issue at all: loading images from another domain, referencing JS files, downloading various files, and embedding pages from other sites in an iframe are all possible.

The cross-domain access ban can sometimes hinder application development, but there are also ways to work around it when certain conditions are met:

1 Have the other server add Access-Control-Allow-Origin to its response headers, stating which domains are allowed cross-domain access; the value can be either a domain name or *. (This scheme can only be used if the other party trusts you, does not care, and it is safe to do so.)

2 If the domain name is a subdomain of the same root domain name, you can set document.domain = "root domain name" to unify the domain of the JS execution environment. (This scheme can only be used within the same company or organization.)

3 Use JSONP (JSON with Padding). The browser does not restrict the script tag from loading scripts from other websites, so JS can dynamically add a script tag to the page and set its src to a special URL; the other party's server then handles requests for this URL specially, wrapping the data in a call to a callback function.

4 Send the URL to be requested to your own server and let the server initiate the request (the server has no cross-domain restrictions); after the request succeeds, the server passes the data back to the browser's JS. This is called a server-side proxy request. It works as long as your own server side supports it, and it is a more common scheme without any restrictions.

5 Exchange data across domains using any other browser-side intermediate mechanism that can be leveraged.
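As an added example (not from the original page), the following Node.js code shows the server side of schemes 1 and 3 written defensively: an Access-Control-Allow-Origin value derived from an allowlist instead of a blanket *, and a JSONP response that validates the callback name before wrapping the data. The function names corsHeaders and jsonpBody, the allowlist and the sample origins are all assumptions made up for this example.

```javascript
// Scheme 1: Access-Control-Allow-Origin. The weak setting is "*" for everyone;
// the safer form echoes the requesting Origin only when it is on an allowlist.
const ALLOWED_ORIGINS = new Set([
  'https://app.example.com',   // constructed sample origins
  'https://admin.example.com',
]);

function corsHeaders(requestOrigin, { withCredentials = false } = {}) {
  const headers = {};
  if (!requestOrigin || !ALLOWED_ORIGINS.has(requestOrigin)) {
    return headers; // no ACAO header at all: the browser blocks the cross-origin read
  }
  headers['Access-Control-Allow-Origin'] = requestOrigin; // exact echo, never '*'
  headers['Vary'] = 'Origin'; // caches must not reuse this answer for another origin
  if (withCredentials) {
    // Browsers reject '*' when cookies are sent, which is why the echo form is used.
    headers['Access-Control-Allow-Credentials'] = 'true';
  }
  return headers;
}

// Scheme 3: JSONP. The server wraps JSON in a call to the callback named in the
// URL. The name must be validated: it becomes script that runs in the page that
// loaded the <script> tag, so an unchecked name is a script injection point.
const CALLBACK_RE = /^[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)*$/;

function jsonpBody(callbackName, data) {
  if (!CALLBACK_RE.test(callbackName)) {
    throw new Error('invalid JSONP callback name');
  }
  // JSON.stringify output is valid JS source except for U+2028/U+2029, which
  // older engines treat as line terminators; escape them so the script parses.
  const json = JSON.stringify(data)
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
  // The leading empty comment keeps the response from starting with bytes the
  // caller chose, a common hardening for JSONP endpoints.
  return `/**/ ${callbackName}(${json});`;
}
```

In an HTTP handler, the object from corsHeaders is merged into the response headers and the string from jsonpBody is sent with Content-Type application/javascript.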
