"Javascript" web cross-domain communication problem resolution [GO]

The cross-domain problem of Web pages is caused by attempts to read and write JS scopes in different domains using JS scripts. The problem stems from JavaScript's same-origin policy: For security reasons, JavaScript restricts the interaction between Web page JS scripts from different sources. Otherwise, there will be a variety of access to the user's private data issues.

1, Document.domain

It can only resolve a domain name under a different two-level domain Name page cross-domain, such as person.aa.com and book.aa.com, you can add book.aa.com with an IFRAME under a page of person.aa.com, Add document.domain = "aa.com" Inside the person.aa.com and IFRAME.

2, Jsonp

JSONP can solve the limitation of XMLHttpRequest request cannot cross domain, the principle is to request a JS script by dynamically creating a <script> element, let this script execute in the scope of the page, and make a detour to implement AJAX-like request.

3. Using HTML5 API

HTML5 provides a api:postmessage that allows us to communicate across domains, supported browsers with Internet Explorer 8.0+, Chrome 2.0+,Firefox 3.0+, Opera 9.6+, and Safari 4.0+. When the Window.postmessage method is called, the message event of the target window is triggered, which enables direct exchange of information in different domains.

Suppose a page contains the IFRAME b page

var winb = window.frames[0]; winb.postmessage (' Hello iframe ', ' http://www.test.com '//  b page (listen for message event, get information)  window.addeventlistener (' message ',function//  ensure sender ' s Originif(e.origin = = ' http://www.aa.com ') {     console.log (' Source: ' + e.source);     Console.log (' Message Received: ' + e.data); }},false)

PS. Communication events are not bubbling.

4, Window.name

Window.name is generally used to obtain a subwindow: Window.frames[windowname]; it has an important feature: A window, no matter what page is loaded, window.name remains unchanged. This feature can be used for cross-domain information transfer. For example, 3 pages are A,B,C, respectively. A is the main page with an IFRAME embedded inside it :page B. The b page assigns a value to the Window.name, which is then redirected to the C page. c page In another domain, its function is to read the b page Write window.name.

<!--a page -<HTML><Head><title>Page A</title></Head><Body>    <iframesrc= "b.html"/></Body></HTML><!--b page -<HTML><Head><title>Page B</title></Head><Body> <Scriptlanguage= "JavaScript">vara= []; for (varI= 0; I< Ten; I++) {a.push (' xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx '+i);} Window.name=A.join ("'); //Write Window.name, where you can write a larger valuewindow.location.href=' http://www.cc.com/C.html ';</Script></Body></HTML><!--C Page -<HTML><Head><title>Page C</title></Head><Body><Scriptlanguage= "JavaScript">document.write (window.name);//read out the Window.name and write it on the page</Script></Body></HTML>

You can see that the C page normally outputs the B-page write window.name.

"Javascript" web cross-domain communication problem resolution [GO]