javascript-php JS cross-domain request

Source: Internet
Author: User

Ajax request a method under this domain name UserInfo, obtain the user information, but in the UserInfo method that obtains the user information, is uses the single-point sign-in system, therefore obtains the information the process to have the cross-domain, so the AJAX request will error, ask how to solve?

Reply content:

Ajax request a method under this domain name UserInfo, obtain the user information, but in the UserInfo method that obtains the user information, is uses the single-point sign-in system, therefore obtains the information the process to have the cross-domain, so the AJAX request will error, ask how to solve?

I think of a way
1-Using the local PHP through Curl, so that Ajax as long as the request for local PHP will not occur across the domain, and PHP side of the curl is not cross-domain restrictions.
2-the host side provides the JS script, the associated system refers to the JS, and calls the method in which it declares the AJAX request does not belong to the cross-domain.
Usually I use Method 1, Method 2 requires a host-side system developer to work with, too cumbersome.

Make a proxy on the PHP layer, ask PHP to request that cross-domain interface, and then PHP will return the data to the page.
This interface can not be used JSONP, not can not be implemented, is not secure. You cannot leak user information because it is a userinfo, so you must focus on security issues.

Cross-domain, the address parameter to add a callback function, in JS, in this callback function to process the returned data. Here is a cross-domain of post, you can refer to it. https://github.com/limeng0403/libs/blob/master/EOF/getJSON%E5%9C%A8PHP%E7%8E%AF%E5%A2%83%E4%B8%8B%E5%AE%9E%E7% 8e%b0%e8%b7%a8%e5%9f%9f%e6%95%b0%e6%8d%ae%e5%8a%a0%e8%bd%bd.md

Using AJAX Jsonp

    1. Pure GET request can be usedjsonp

    2. Supported CORS browsers, availableCORS

Request Data steps

Send Request---> Server response return---> Browser accepts response---> determines if it is in the same domain

If yes, return the response data to Ajax. If not, then remind me to disallow cross-domain requests.

In fact, the server can be added in the response header

Header ("Access-control-allow-origin: Allowed Domain");
Header ("Access-control-allow-methods: Method to allow request");
Header ("Access-control-allow-headers:x-pingother");

Tells the browser to return the response value to this request

Reference: Https://developer.mozilla.org/zh-CN/docs/Web/HTTP/Access_control_CORS

Cross-Domain can refer to the following article
Http://www.cnblogs.com/duanhuajian/p/4211616.html

Header (' Content-type:application:json;charset=utf8 ');
Header (' access-control-allow-origin:* ');
Header (' Access-control-allow-methods:post ');
Header (' Access-control-allow-headers:x-requested-with,content-type ');

Add this to your PHP file

You can use the JSONP request

I just tidied up. Three ways to resolve cross-domain requests: https://segmentfault.com/a/1190000004539815

PostMessage (); OnMessage.

The best is to use the PHP Curl agent in the past, a bit higher control.
The second is to modify the server interface file, open the cross-domain limit, so that Ajax can be called.
The third is the proposal landlord with Jsonp .

Specific single sign-on system how to implement the not to see, the strange point is that if I access the UserInfo method through the browser can get the user's information, and then Ajax request UserInfo method can return the user information, it is very strange, so I used a very stupid method, It is at the bottom of the page with a iframe,iframe load should be an HTTP request, it is normal! But the reason why the direct access to the cross-domain error is still not found, thank you for your answer! @incNick @ Big Bang @ Zhang Yatao @ et cetera ...

  • Contact Us

    The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

    If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

    A Free Trial That Lets You Build Big!

    Start building with 50+ products and up to 12 months usage for Elastic Compute Service

    • Sales Support

      1 on 1 presale consultation

    • After-Sales Support

      24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.