The same-origin policy

The browser deliberately limits functionality so that pages from different origins cannot access each other's data.

Same origin

Origin: protocol, domain name, port.

If the protocol, domain name, and port are all identical, the origin is the same.

window.origin or location.origin returns the origin of the current page.

Cross domain

Cross-domain means that the browser does not let a page's scripts access resources from other sites. This is caused by the browser's same-origin policy, a security restriction that the browser imposes on JavaScript. In other words, when a web page on one domain name requests resources from another domain name, the two are not the same origin, so the request is cross-domain.

Cross-domain methods

To get past this browser limitation and let selected pages from different origins access each other, the cross-domain methods are CORS and JSONP.

CORS

Cross-Origin Resource Sharing (CORS) is a way to get past this browser limitation.

On the back end, set response.setHeader('Access-Control-Allow-Origin', '<site that is allowed to access the data of this website>').

IE 6, 7, 8 and 9 are not compatible with CORS, but they are compatible with JSONP.
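An added example (not code from the original page) that compares origins by protocol, domain name and port, then uses that comparison to decide the Access-Control-Allow-Origin value from an allowlist instead of echoing whatever the request sends. The function names and the allowlist entries are assumptions made for illustration.

```javascript
// Constructed allowlist: the sites permitted to read this site's data.
const ALLOWED_ORIGINS = ['https://app.example.com', 'http://localhost:8080'];

// Reduce a URL or Origin header value to protocol + domain name + port.
// Returns null for anything that is not a valid http(s) origin (e.g. "null").
function normalizeOrigin(value) {
  try {
    const u = new URL(value);
    if (u.protocol !== 'http:' && u.protocol !== 'https:') return null;
    return u.origin; // default ports (80 / 443) are dropped by the URL parser
  } catch (e) {
    return null;
  }
}

// Same origin only if protocol, domain name and port are all identical.
function sameOrigin(a, b) {
  const oa = normalizeOrigin(a);
  const ob = normalizeOrigin(b);
  return oa !== null && oa === ob;
}

// Build the CORS response headers for a request's Origin header.
// The allowlisted value is returned, never the raw request value.
function corsHeadersFor(requestOrigin, allowed = ALLOWED_ORIGINS) {
  const headers = { Vary: 'Origin' }; // caches must key on the Origin header
  if (typeof requestOrigin !== 'string') return headers;
  const match = allowed.find((entry) => sameOrigin(entry, requestOrigin));
  if (match) headers['Access-Control-Allow-Origin'] = normalizeOrigin(match);
  return headers;
}

// Usage on the back end (response is the server's response object):
//   const h = corsHeadersFor(request.headers.origin);
//   for (const [name, value] of Object.entries(h)) response.setHeader(name, value);
```

Substring or prefix checks on the Origin value would accept look-alike hosts such as https://app.example.com.evil.test; comparing parsed origins does not.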

JSONP

JSONP is compatible with IE. When the current browser does not support CORS, or CORS cannot be used under some conditions, we have to use another way to cross domains: we request a JS file, which performs a callback, and the callback contains our data.

Advantages:

  • Compatible with IE

  • Works across domains

Disadvantages:

  • Since it is a script tag, we cannot see the status code or the response headers, only whether the request succeeded or failed.

  • Since it is a script tag, only GET requests can be sent. POST is not supported.