Two solutions for Ajax Cross-domain problems _ajax related

Source: Internet
Author: User
Tags java web

Overview

Ajax Cross-domain is a common problem in front-end development, this article describes the solution with Google Chrome as the client and Tomcat as a Web server.

Problem phenomenon

When Cross-domain access occurs, Ajax usually reports something like the following error:

XMLHttpRequest cannot load Http://192.168.2.12:8001/oss/api/version/check. No ' Access-control-allow-origin ' header is present on the requested resource. Origin ' http://localhost:8000 ' is therefore not allowed access.

Workaround one: Close the browser's Cross-domain security settings, only for development testing

Take the Chrome browser for example, right-click on the Chrome shortcut and append--disable-web-security to Target's value, noting that there is a space ahead. For example:

"C:\Program Files (x86) \google\chrome\application\chrome.exe"--disable-web-security

After startup, the Chrome browser prompts you to "You are using unsupported command line Tags:--disable-web-security", which is unsafe and is therefore limited to testing.

This allows you to test directly, without a cross-domain error!

Workaround Two: Configure the Web server to support Cross-domain access

This describes the solution in the case of Tomcat as a Web server by adding the following configuration to the Web.xml file under the Web-inf of the Java Web program.

<!--cors filter-->
  <filter>
    <filter-name>CorsFilter</filter-name>
    < filter-class>org.apache.catalina.filters.corsfilter</filter-class>
  </filter>
  < filter-mapping>
    <filter-name>CorsFilter</filter-name>
    <url-pattern>/*</ Url-pattern>
  </filter-mapping>

Note: There are several configuration options below Org.apache.catalina.filters.CorsFilter, and the system's default configuration is used when there is no configuration. In the actual production environment to be configured to improve security as needed. For example, the Cors.allowed.origins configuration allows access to the source address, default to all, that is, *. In addition, there are cors.allowed.methods,cors.allowed.headers and so on. For specific configuration details, see [1] in the resources in this article.

Both of these methods can solve the problem of Ajax Cross-domain, I hope this article to share the help of everyone.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.