Home > Developer > Web Develop
http://blog.csdn.net/netdxy/article/details/50699842
With seven of cows, many users are more or less experiencing cross-domain issues, and this article focuses on the next cross-domain concept to see what happens across domains and seven kn about cross-domain policies.
On the cross-domain, white point is to go to the server to fetch things, of course, the domain is another server, as long as the protocol, domain name, the port has any difference, are treated as a different domain. Here the form upload combined with Ajax request to get token upload demo as a pointcut to see exactly when the cross-domain will appear.
Here is the demo code example, note that the link to request token has two
One is a server-side set of links http://115.231.183.78//ServletDemo/servlet/UploadToken that allow cross-domain generation tokens
The other one is the server. Set up a link to allow cross-domain token generationhttp://115.231.183.78/ServletDemo/servlet/TokenNoCross
<Html><Head><Metahttp-equiv="Content-type"Content="Text/html; Charset=utf-8 "><ScriptType="Application/javascript" > functionxmlHTTP() {var $xmlhttp;if (window. XMLHttpRequest) {$xmlhttp =New XMLHttpRequest (); }else {$xmlhttp =New ActiveXObject ("Microsoft.XMLHTTP"); }return $xmlhttp; } window.onload =function() {$xmlhttp = XMLHTTP (); $xmlhttp. onreadystatechange =function() {if ($xmlhttp. readyState = =4) {if ($xmlhttp. Status = =200) {Set the value of Id_token to the value returned by the request Uptokenurl document.getElementById (' Id_token '). Value = $xmlhttp. responsetext; } } }Allow cross-domain generation of token links $upTokenUrl =' Http://115.231.183.78//ServletDemo/servlet/UploadToken ';Links that do not allow cross-domain generation tokens$UPTOKENURL = ' Http://115.231.183.78/ServletDemo/servlet/TokenNoCross '; $xmlhttp. Open (' GET ', $UPTOKENURL,true); $xmlhttp. Send (); };</Script></Head><Body><Formaction="Http://up.qiniu.com"Method="POST"Enctype="Multipart/form-data" ><Table><Tr><Td> Upload token:</Td><Td><InputId="Id_token"Name="Token"Type="Text"style="width:300px"/></Td></Tr><Tr><td> Upload file name:</Td><Td><InputType="Text"Name="Key"style="width:300px" ></Td></Tr><Tr><Td> Select File:</Td><Td><InputType="File"Name="File"style="width:300px" ></Td></tr> < tr> <td colspan= "2" > <input type=" submit " value= "upload"/> </td> </tr> </table> </form> </body></ HTML> Here I will write the two cases mentioned above and then put them into another virtual machine of different IP, the links are: http://115.231.183.51/upnocross.html and http://115.231.183.51/upcancross.html
Then the load access situation is that the former will expect the AJAX request token to appear across the domain and the other link request is normal, you can refer to the following:
The former appears across domains:
Normal request to token (can be uploaded normally):
Based on the above, we can clearly understand how the cross-domain is produced, and simply understand that because of the limitations of the JavaScript homology policy, a.com JS under the domain name can not operate B.Com or c.a.com under the domain name of the object, the solution is to set the server to run the cross-domain response header response.setHeader("Access-Control-Allow-Origin","*") .
The following gives the code that generates tokens in the servlet and sets it "Access-Control-Allow-Origin","*" .
PublicClassUploadtokenExtendsHttpServlet {PublicUploadtoken () {Super (); }PublicvoidDestroy () {Super.destroy (); }PublicvoidDoget (HttpServletRequest request, httpservletresponse response)Throws Servletexception, IOException {String Access_key ="Um6ieh7mtwnwkgpjimd08jdxlvviuelhi4mffoel"; String Secret_key ="Twvp6za5hpfiremr0dxxxxxxxxxxxxxxxxxxxxxx"; Auth Auth = auth.create (Access_key, Secret_key); String token = Auth.uploadtoken ("Javademo",null, 3600*24, null); Response.setcontenttype ( "text/html"); //setting allows for cross-domain response header response.setheader ( " Access-control-allow-origin ", " * "); PrintWriter out = Response.getwriter (); OUT.PRINTLN (token); Out.flush (); Out.close (); } public void doPost ( HttpServletRequest request, HttpServletResponse response) throws servletexception, IOException {super.doget (Request,response);} public void init () throws servletexception {}} Look at the picture below to see whether the two pages are allowed to communicate by default is a good understanding of the situation.
For the seven Bull JS cross-domain situation, the summary is as follows:
1. Upload, default support, when initiating the upload request, seven cattle service will return the corresponding support cross-domain header, you can refer to the following successful upload of the response header information:
2. Download, not supported by default, can be configured with support. Upload Crossdomain.xml in your own space, and the contents of the Crossdomain.xml are as follows
<cross-domain-policy><allow-access-from Domain= "*" /><allow-http-request-headers-from domain= "*" Headers= "*" /></cross-domain-policy> 3. Management (such as file deletion copy move), not supported, the Management server does not support JS cross-domain request (mainly for data security), if need only send management operation request from the service side.
Note that the seven-on-demand platform space domain default has 302 jump, Ajax requests will appear across the domain, you need to cancel the domain name of 302 jump.
Alternatively, you can refer to the following statement in this article:
HTTP access Control (CORS)
Seven cows---with a seven-cow upload instance summary under Ajax cross-domain "go"
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
