When using Ajax to cross domain requests, the browser complains: XMLHttpRequest error:origin null is isn't allowed by Access-control-allow-origin. It must be a cross-domain problem, if the JSONP or proxy to modify the words would be too much engineering, so the use of cors this relatively simple and efficient technology. The cors is more efficient than the JOSP approach. Jsonp because it works only to implement get requests, Cors supports all types of HTTP requests. Using Cors, you can use ordinary Ajax to implement Cross-domain, which is a great boon to the front end, this technology is generally supported by most browsers now, because Cross-domain is already universal requirements, the browser will gradually out of the appropriate ' back door ' out of the special to cross domain.
Browser support situation
After I test IE browser IE10 and above can send the request normally
1. Server-side support for cors is done by setting up Access-control-allow-origin. If the browser detects the appropriate settings, you can allow Ajax to cross domain access, which is the corresponding ' back door '.
Setting Apache:apache requires the use of the Mod_headers module to activate the HTTP header setting, which is activated by default. You only need to modify the httpd.conf file in the Apache configuration file:
Raw code
Copy Code code as follows:
<directory/>
allowoverride None
Require all denied
</Directory>
Change to the following code
Copy Code code as follows:
<directory/>
Require all denied
Header Set Access-control-allow-origin *
</Directory>
Set in the PHP file that handles the request:
Copy Code code as follows:
<?php
Header ("access-control-allow-origin:*");
Processing Request output data
?>
The implication of a configuration is to allow any domain-initiated request to obtain data from the current server. Of course, there is a great danger that malicious sites may attack our servers via XSS. So we should try to be targeted on the source of restricted security, such as the following settings so that only http://jb51.net/this domain can access the server's APIs across domains.
In httpd.conf:
Copy Code code as follows:
Header Set Access-control-allow-origin http://www.jb51.net
in the php file:
Copy Code code as follows:
<?php
Header ("Access-control-allow-origin:http://www.jb51.net");
Foreground code:
Copy Code code as follows:
<script type= "Text/javascript" >
function Createcorsrequest (method, URL) {
var xhr = new XMLHttpRequest ();
if ("Withcredentials" in XHR) {
This is the case that supports cors
Check if the XMLHttpRequest object has a "withcredentials" property
"Withcredentials" exists only in XMLHttpRequest Level 2 objects
} else {
Otherwise check whether support Xdomainrequest
Xdomainrequest only exists in IE and is the way IE is used to support cors requests
XHR = new Xdomainrequest ();
}
Xhr.open (method, URL, true);
Xhr.send ();
Xhr.onload = function () {
alert (Xhr.responsetext);
}
}
Createcorsrequest (' Get ', "http://192.168.1.58/t.php");
</script>