Same-origin policy and JSONP
The same-origin policy is a convention and the most central, most basic security feature of the browser; without it, the browser's normal functionality may be affected. It is fair to say that the Web is built on the same-origin policy, and that the browser is simply an implementation of it.
The same-origin policy is a well-known security policy introduced by Netscape, and every browser that supports JavaScript now uses it. "Same origin" means the same domain name, protocol, and port. When two tabs of a browser are open on Baidu and on Google, and the Baidu tab runs a script, the browser checks which page the script belongs to, that is, whether it is same-origin; only scripts that share Baidu's origin are executed. When a request for data is not same-origin, the browser reports an exception in the console saying that access was denied. Example:
Project 1:
settings.py
    # Serve static files from the project's "static" directory.
    STATIC_URL = '/static/'
    STATICFILES_DIRS = (os.path.join(BASE_DIR, 'static'),)
Static files:
    <script src="http://code.jquery.com/jquery-latest.js"></script>
urls.py
    from django.conf.urls import url
    from django.contrib import admin
    from app01 import views

    urlpatterns = [
        url(r'^admin/', admin.site.urls),
        url(r'index/$', views.index),          # page that holds the button
        url(r'ajax_send/$', views.ajax_send),  # endpoint the AJAX call targets
    ]
views.py
    from django.shortcuts import render, HttpResponse

    def index(request):
        return render(request, "index.html")

    def ajax_send(request):
        # Printed on the server console, so you can see that the request arrived.
        print('Project 1 ...')
        return HttpResponse("Data for Project 1")
index.html
    <!DOCTYPE html>
    ...
        $.ajax({
            url: "http://127.0.0.1:8080/ajax_send/",  // access Project 2's path
            success: function (data) {
                alert(data)
            }
        })
    })
    </script>
The code for Project 2 is the same:
settings.py
    STATIC_URL = '/static/'
    STATICFILES_DIRS = (os.path.join(BASE_DIR, 'static'),)
urls.py
    from django.conf.urls import url
    from django.contrib import admin
    from app01 import views

    urlpatterns = [
        url(r'^admin/', admin.site.urls),
        url(r'index/$', views.index),
        url(r'ajax_send/$', views.ajax_send),
    ]
views.py
    from django.shortcuts import render, HttpResponse

    def index(request):
        return render(request, "index.html")

    def ajax_send(request):
        print('Project 2 .......')
        return HttpResponse("Data for Project 2")
index.html
    <!DOCTYPE html>
The same-origin problem: clicking the button in Project 1 sends the request, but the following error appears:
    Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://127.0.0.1:7766/SendAjax/. (Reason: CORS header 'Access-Control-Allow-Origin' missing).
Note, however, that Project 2 was in fact accessed. This shows that what the browser intercepts is the result returned by the cross-origin request.
Note: jquery.js is also fetched by a cross-origin request, yet its data arrives. Requests made by a script tag are not intercepted; AJAX requests are.
Script tag request:
index.html
    <!DOCTYPE html>
    <!-- A single script request. It is sent when the page is refreshed. -->
    <script src="http://127.0.0.1:8080/ajax_send/"></script>
Refresh page:
Now change Project 2's return value to an English word, which reads as a variable name:
    from django.shortcuts import render, HttpResponse

    def index(request):
        return render(request, "index.html")

    def ajax_send(request):
        print('Project 2 ...')
        # return HttpResponse("Data for Project 2")
        return HttpResponse("Baobao")
JSONP
JSONP is a way of using JSON across domains. The principle is to get around the same-origin policy by relying on the fact that script tags are allowed to load cross-domain.
Thinking: What's going on here?
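The behaviour observed above, as an added example that is not part of the original post: a simplified Python model of how the browser compares origins (protocol, domain name, port) and why the cross-origin AJAX response is blocked while the script tag response gets through. Project 1's port 8000 and all function names are assumptions; preflight and credentialed requests are left out of the model.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Return the (scheme, host, port) triple the same-origin policy compares."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    port = parts.port or DEFAULT_PORTS.get(scheme)
    return scheme, (parts.hostname or "").lower(), port


def same_origin(a, b):
    return origin(a) == origin(b)


def response_reaches_page(page_url, resource_url, kind, response_headers=None):
    """Simplified model of the browser's decision once the response has arrived.

    kind is "xhr" (an AJAX call) or "script" (a <script src=...> tag).
    """
    if same_origin(page_url, resource_url):
        return True
    if kind == "script":
        # Script tags may load cross-origin: the body is executed as
        # JavaScript in the page, which is the behaviour JSONP relies on.
        return True
    # Cross-origin XHR: the server has already received and processed the
    # request; only reading the response depends on the CORS header.
    headers = {k.lower(): v for k, v in (response_headers or {}).items()}
    allowed = headers.get("access-control-allow-origin")
    scheme, host, port = origin(page_url)
    default = DEFAULT_PORTS.get(scheme)
    serialized = f"{scheme}://{host}" + ("" if port == default else f":{port}")
    return allowed in ("*", serialized)


# Constructed sample: Project 1's port 8000 is an assumption; the page only
# gives Project 2's address.
PROJECT1_PAGE = "http://127.0.0.1:8000/index/"
PROJECT2_API = "http://127.0.0.1:8080/ajax_send/"

if __name__ == "__main__":
    print(same_origin(PROJECT1_PAGE, PROJECT2_API))
    print(response_reaches_page(PROJECT1_PAGE, PROJECT2_API, "xhr"))
    print(response_reaches_page(PROJECT1_PAGE, PROJECT2_API, "script"))
```

Because a script tag's response runs with the full privileges of the including page, a page should only pull JSONP from servers it trusts.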