JavaScript cross-domain access

XMLHttpRequest Cannot load http://www.zjblogs.com/ . No ' Access-control-allow-origin ' header is present on the requested resource. Origin ' null ' is therefore not allowed access.

Looked up the information, found that it is the new standards of the standard is the same as stipulated:

The latest in the global standard is how to implement HTTP cross-domain requests, cross-origin Resource sharing

Simply put, the cross-domain target server returns a series of headers that control whether the cross-domain is agreed by the headers. These headers are:4 Syntax

• 4.1 Access-Control-Allow-Origin HTTP Response Header

• 4.2 Access-Control-Max-Age HTTP Response Header

• 4.3 Access-Control-Allow-Credentials HTTP Response Header

• 4.4 Access-Control-Allow-Methods HTTP Response Header

• 4.5 Access-Control-Allow-Headers HTTP Response Header

• 4.6 Origin HTTP Request Header

• 4.7 Access-Control-Request-Method HTTP Request Header

• 4.8 Access-Control-Request-Headers HTTP Request Header

There are some in the Request package and in the Response package.

One of the most sensitive is the access-control-allow-origin Header, which is used to check whether the cross-domain request can be passed. (Access Control Check)

The process for cross-domain implementations is roughly as follows:

Initiate a cross-domain request from HTTP./ www.a.com/test.html

The requested address is:/ httpwww.b.com/test.php

If Server B Returns a header like the following

Access-control-allow-origin:http://www.a.com

Then, the cross-domain request from http://www.a.com/test.html will be passed.

As you know, the summary solution is as follows:

1. If the requested URL is an ASPX page, you will need to add code to the ASPX page: Response.AddHeader ("Access-control-allow-origin", "*");

2, if the requested URL is a PHP page, you need to add code in the PHP page: Header ("Access-control-allow-origin: *");

3. If the requested URL is a static HTML page, you will need to add a META tag code to the page: <meta http-equiv= "Access-control-allow-origin" content= "*"/>

If the server side can determine which domain name to be accessed, it is best to replace the "*" in the above code for the specific domain name, so that the security can be enhanced accordingly.

JavaScript cross-domain access