Cross-origin requests are resources in one site to access resources on another site with different domain names. This is common. For example, you can use the style label to load external style table files, use the img label to load external images, use the script label to load external script files, and use cross-origin requests, that is, resources in one site access resources on another site with different domain names. This is common, for example, loading external style table files through style. tags, loading external images through img tags, loading external script files through scripts. tags, loading font files through Webfont, etc. By default, the Same-origin policy (Same origin policy) is used for accessing data such as document attributes by script ). What is a same-origin policy? If the protocols, domain names, and ports of the two pages are identical, they are the same source. The same-source policy is used to prevent access to or set the attributes of documents loaded from another address from a document or script loaded from one address. If the primary domain names of the two pages are the same, you can set the document. domain attribute to regard them as the same source. With the rise of Web2.0 and SNS, Web applications require more and more cross-origin access requests. However, cross-origin requests in scripts are subject to security restrictions, web developers urgently need to provide a safer and more convenient cross-origin Request Method to integrate (Mashup) their own Web applications. One advantage of this is that requests can be distributed to different servers, reducing the pressure on a single server to increase the response speed; another advantage is that different business logic can be distributed to different servers to reduce load. Ajax cross-origin access problems-Case I. the Web proxy method (on Server A) means that the cross-origin access requests to website B generated by the user when accessing website A are submitted to the specified page of website, this page replaces the user page to complete interaction, and thus return the appropriate results. This solution can solve most of the Cross-origin access problems that can be considered at this stage, but requires website A to provide support for Web Proxy. Therefore, website A and website B must work closely together, in each interaction process, the server load of website A increases and the session status cannot be saved on behalf of users. The CaseII. on-Demand (on Server A) MYMSN portal uses this method, but MYMSN does not involve cross-origin access. Dynamically generate a new script on the page and direct its src attribute to the website of another website. The content returned by this website must be a legal Javascript script, which is commonly used for JSON messages. This solution has the defect that the get method is adopted when the src attribute of the script completes the call. If the string passed during the request is too large, it may fail to run normally. However, this solution is very suitable for aggregation portals.Script function loadContent () {var s = document. createElement ('script'); s. src = 'HTTP: // www.anotherdomain.com/TestCrossJS.aspx? F = setDivContent '; document. body. appendChild (s);} function setDivContent (v) {var dv = document. getElementById ("dv"); dv. innerHTML = v;} script Here is www.anotherdomain.com/testcrossjs.aspx,
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
