In the current trend of separation of front and back, cross-domain is almost inevitable. Whether in development or on the deployment line, we will encounter cross-domain, but do we really understand cross-domain?

Why cross-domain? The main reason is the restriction of the same origin policy of the browser, mainly for security reasons. Source indicates whether the protocol, domain name, and port are the same. As long as the source is different, there will be cross-domain restrictions such as cookies, localstorage, indexDB, DOM, AJAX that cannot be retrieved or requests cannot be sent. Img, script, ifram and link tags have no cross-domain problems.

With the above limitations, there are also several approaches to cross-domain solutions.

document.domain

Two level 1 domain names are the same, but two level 2 domain names are different. You can pass data through document.domain, that is, shared cookies. This parameter applies only to cookies and iframes

window.name

Mainly ifRAM use, as long as in the same page, the first set the name attribute, after a window can call the name attribute of the data, and can place a very long data string.

window.postMessage

The new H5 method, which is similar to window.name method, adds postMessage to one window and the other window that wants to fetch the data directly listens to the message. Localstorage can also pass data through this method.

JSONP

The principle is that using script is not affected by the same origin policy, and requests can be made through script or ajax’s JSONP method. Jsonp Jsonp is a script that is not subject to the same origin policy and can only send GET requests.

WebSocket

We know that we can solve cross-domain problems, but we don’t know how.

CORS

Cross-source resource sharing, which has been adopted as a W3C standard, is the simplest solution to cross-domain AJAX requests. CORS is a server with a request header that allows cross-domain requests to access.

The agent

Cross-domain problems can be solved by using third-party proxies because of the same Origin policy.

Cross-domain solution is probably these several, you can baidu detailed methods

Welcome to the public account of Coding personal Notes