Cross-origin Ajax Problems

Source: Internet
Author: User

In actual production, we often encounter Ajax cross-origin problems. Of course, Uncle Wen insisted on telling everyone whether to honestly avoid cross-origin. Why? Let's talk about it later.

First, do you have to say that AJAX can achieve cross-origin? Yes, of course. required. What should I do?

You can search for "cross-origin Resource Sharing". This time, du Niang will give the correct answer.

Wen shu helped me find a simple saying that the official can be moved here:

Http://ezzze.iteye.com/blog/978728

There is also a complete, here:

Http://www.nczonline.net/blog/2010/05/25/cross-domain-ajax-with-cross-origin-resource-sharing/

It is easy to implement. Taking php as an example, we only need to add these two lines before the target interface returns the result:

Header ("Access-control-allow-origin: http://www.xdarui.com ");

Header ("access-control-allow-Methods: Post get ");

This is done, so we are very pleased to start the request.

Back to the question, said Mao wenshu, honestly do not cross-origin? The reason is:

First. The trust here needs to be reflected in the Code, which means you must have a reasonable way to maintain the trust list of your cross-origin requests. Of course, this is not very troublesome.

Second. Is the services of the other party trustworthy? In most cases, the answer is: no.

Third. If your situation is the same as that of Uncle Wen, the domain is empty. Is it Mao? Because Uncle Wen's page is made up of native! If you want to request the target server, it must be cross-origin. If I allow cross-origin, Nima will be the second ...... This means that I need to completely expose the server, which is too dangerous ...... If you want a hacker, you can directly write an Ajax request using js to send requests continuously. If there are 10 thousand people accessing this page, our server will be able to withstand the increase of 10 thousand. Even Nima is enough. If the other party wants to say "uncle Hei", then he will directly launch a client proxy, and the other party will not be able to defend against it! (Of course, the wisdom of Uncle Wen certainly won't think of so many dangers. Uncle Wen can only think of the inability to do so. Thanks to 54chen's teachings ).

Related Article

E-Commerce Solutions

Leverage the same tools powering the Alibaba Ecosystem

Learn more >

11.11 Big Sale for Cloud

Get Unbeatable Offers with up to 90% Off,Oct.24-Nov.13 (UTC+8)

Get It Now >

Alibaba Cloud Free Trial

Learn and experience the power of Alibaba Cloud with a free trial worth $300-1200 USD

Learn more >

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.