Easily solve cross-domain access problems with jquery and JSONP

Source: Internet
Author: User
Tags domain server

Time too fast, and was pulled back to JS battlefield, cross-domain problem this scar again open pain.

Fortunately, with jquery, cross-domain issues seem to be less difficult. This time also take this opportunity to the cross-domain problem to the inquisitive, actual development projects, access to relevant information, is considered to solve the cross-domain problem. It is necessary to write down the memo.

Cross-domain security restrictions are referred to as browser-side. There is no cross-domain security restriction on the server side, so cross-domain access is done through a similar httpclient approach through the native server, and then the browser-side uses Ajax to get the native server-side "cross-domain Access" The corresponding URL. To indirectly complete cross-domain access is also possible. But it is clear that the amount of development is relatively large, but the limit is minimal, many widgets open platform server side (such as Sohu Blog open platform) actually do. Not in the scope of this discussion.

To discuss True cross-domain access on the browser side, it is recommended that jquery $.ajax () currently supports the cross-domain of Get methods, which is actually done in the JSONP way.

Real Case:

varQsdata = {' Searchword ': $ ("#searchWord"). attr ("value"), ' Currentuserid ': $ ("#currentUserId"). attr ("value"), ' Conditionbean.pagesize ': $ ("#pageSize"). attr ("value"))};$.ajax ({async:false, Url:http://cross-domain dns/document!searchjsonresult.action,Type: "GET", DataType:' Jsonp ', Jsonp:' Jsoncallback ', Data:qsdata, timeout:5000, Beforesend:function(){   //Jsonp Mode This method is not triggered. The reason may be datatype if you specify JSONP, it's not an AJAX event anymore .}, Success:function(JSON) {//client jquery pre-defined callback function, after successfully obtaining the JSON data on the cross-domain server, will execute this callback function dynamically    if(json.actionerrors.length!=0) {alert (json.actionerrors);   } gendynamiccontent (Qsdata,type,json); }, Complete:function(XMLHttpRequest, Textstatus) {$.unblockui ({fadeOut:10 }); }, Error:function(XHR) {//Jsonp Mode This method is not triggered. The reason may be datatype if you specify JSONP, it's not an AJAX event anymore .    //Request Error HandlingAlert ("Request error (Please check the correlation network condition.)"); }});

Attention:

$.getjson ("HTTP//cross-domain dns/document!searchjsonresult.action?name1=" +value1+ "&jsoncallback=?" ,       function (JSON) {      if(json. property name = = value)      {//  Execute code             }        });

This is actually a high-level package of the previous example $.ajax ({..}) API, and some of the $.ajax API's underlying parameters are encapsulated and not visible.
This way, jquery is assembled into the URL get request as follows
HTTP//cross-domain dns/document!searchjsonresult.action?&jsoncallback=jsonp1236827957501&_=1236828192549& Searchword=%e7%94%a8%e4%be%8b¤tuserid=5351&conditionbean.pagesize=15

On the response side (HTTP///cross-domain dns/document!searchjsonresult.action),
by Jsoncallback = Request.getparameter ("Jsoncallback"), we get the JS function of the jquery end to be recalled later name:jsonp1236827957501
Then the content of the response is a script Tags: "jsonp1236827957501 (" + by the request parameters generated by the JSON array + ")";
jquery will invoke this JS tag:jsonp1236827957501 (JSON array) dynamically via callback method.
This achieves the purpose of cross-domain data exchange.

The most basic principle of JSONP is: adding a <script> tag dynamically, and the SRC attribute of the script tag is not a cross-domain limitation. In this way, this cross-domain approach is actually unrelated to the Ajax XMLHttpRequest protocol.
In fact, "jquery Ajax cross-domain problem" has become a pseudo-proposition, jquery $.ajax method name is misleading.

If set to datatype: ' Jsonp ', this $.ajax method has nothing to do with Ajax XMLHttpRequest, instead it is the JSONP protocol.

JSONP is an unofficial protocol that allows the server-side integration of script tags to return to the client, using the form of JavaScript callback for cross-domain access JSONP that is JSON with Padding. Due to the limitations of the same-origin policy, XMLHttpRequest only allows resources to be requested for the current source (domain name, protocol, port). If cross-domain requests are made, we can make cross-domain requests by using the HTML script tag and return the script code to execute in the response, where the JavaScript object can be passed directly using JSON. This cross-domain communication method is called JSONP.

Jsoncallback function jsonp1236827957501 (...): A callback function that is registered by the browser client and gets the JSON data on the cross-domain server

Jsonp principle:

First register a callback (for example: ' Jsoncallback ') on the client, and then pass callback's name (for example: jsonp1236827957501) to the server. Note: After the server gets the value of callback, use jsonp1236827957501 (...). Include the JSON content that will be output, at which point the server generates JSON data to be properly received by the client.

Then, in JavaScript syntax, a function is generated, and the function name is the value jsonp1236827957501 of the parameter ' Jsoncallback ' passed up.

Finally, the JSON data is placed directly into the function in the form of a parameter, so that a document of JS syntax is generated and returned to the client.

The client browser, parses the script tag, and executes the returned JavaScript document, at which time the JavaScript document data, as parameters,
Passed into the client's pre-defined callback function (as in the previous example, the jquery $.ajax () method encapsulates the Success:function (JSON)). (Dynamic execution callback function)

Can say Jsonp way principle and <script src= "//cross-domain/...xx.js" ></script> is consistent (QQ space is a large number of this way to achieve cross-domain data exchange). JSONP is a script injection (scripts injection) behavior, so there are some security implications.

Example code for the principle:

// client-side JavaScript code var script=document.createelement ("script"); Script.src= "http://www.pl4cj.com:8888/5/6/ action.php?param=123&callback= "+fnname;document.getelementsbytagname (" head ") [0].appendchild ( Script)// server-side PHP code, must have callback to make a callback, the parentheses here, is to let it in the form of a statement block parsing < php<span style= "COLOR: #ff00ff" >echo $_get["callback"]. " (". Json_encode ($_get)."); " ; </span>?

Note that Jquey is not supported for post-mode cross-domain.

Why is it?
Although the use of post + dynamic generation of IFRAME can achieve the purpose of post cross-domain, but this is a more extreme way, is not recommended.
can also say get way cross-domain is legal, post way from security point of view, is considered illegal, last but not the sword walk Pifo.

The need for client-side cross-domain access seems to have attracted the attention of the HTML5 WebSocket standard supports cross-domain data exchange and should also be a future-selectable cross-domain data exchange solution

Reprint: http://www.poluoluo.com/jzxy/201402/261614.html

Easily solve cross-domain access problems with jquery and JSONP

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.