XMLHttpRequest Cannot load http://www.zjblogs.com/ . No ' Access-control-allow-origin ' header is present on the requested resource. Origin ' null ' is therefore not allowed access.
Looked up the information, found that it is the new standards of the standard is the same as stipulated:
The latest in the global standard is how to implement HTTP cross-domain requests, cross-origin Resource sharing
Simply put, the cross-domain target server returns a series of headers that control whether the cross-domain is agreed by the headers. These headers are:4 Syntax
Access-Control-Allow-Origin HTTP Response Header
Access-Control-Max-Age HTTP Response Header
Access-Control-Allow-Credentials HTTP Response Header
Access-Control-Allow-Methods HTTP Response Header
Access-Control-Allow-Headers HTTP Response Header
Origin HTTP Request Header
Access-Control-Request-Method HTTP Request Header
Access-Control-Request-Headers HTTP Request Header
There are some in the Request package and in the Response package.
One of the most sensitive is the access-control-allow-origin Header, which is used to check whether the cross-domain request can be passed. (Access Control Check)
The process for cross-domain implementations is roughly as follows:
Initiate a cross-domain request from HTTP./ www.a.com/test.html
The requested address is:/ httpwww.b.com/test.php
If Server B Returns a header like the following
Then, the cross-domain request from http://www.a.com/test.html will be passed.
As you know, the summary solution is as follows:
1. If the requested URL is an ASPX page, you will need to add code to the ASPX page: Response.AddHeader ("Access-control-allow-origin", "*");
2, if the requested URL is a PHP page, you need to add code in the PHP page: Header ("Access-control-allow-origin: *");
3. If the requested URL is a static HTML page, you will need to add a META tag code to the page: <meta http-equiv= "Access-control-allow-origin" content= "*"/>
If the server side can determine which domain name to be accessed, it is best to replace the "*" in the above code for the specific domain name, so that the security can be enhanced accordingly.