There are two types of situations here:
1. Access to pages between subdomains based on the same parent domain; see the following three domain domains: taobao.com, jipiao.taobao.com, promotion.taobao.com; they have the same The parent domain is taobao.com.
2. Access between pages based on different parent domains; see the following three domain domains: taobao.com, baidu.com, sina.com.cn; they have different parent domains.
The solutions to solve the cross-domain problem between them are:
Option 1: Server Proxy
The page JS of domain A needs to access the link under domain B to obtain data , this solution establishes a Proxy program on the server side of domain A (it may be any server program such as ASP, servlet, etc.). The page JS of domain A directly calls the Proxy program under this domain. The proxy program is responsible for sending the request to domain B. link and obtain the data, and finally return the data to the page JS for use through Proxy.
The access process is: JS under domain A --> Proxy under domain A -- > Link under domain B
Example:
Step 1:
Domain A: http://Jipiao.taobao.com/test.htm
javascript script on the page:
Step 2:
Complete the Proxy program of the domain A server (assumed to be a servlet here), the pseudo code is as follows:
Public class Proxy extends….{
..doGet(…… ..){
HttpClient client=……;
GetMethod get=new GetMethod("www.baidu.com/xxxxx.do"); //Access the link to domain B
int statusCode = client. executeMethod(get);
if (statusCode != HttpStatus.SC_OK) {
byte[] responseBody = get.getResponseBody();
String res=new String(responseBody);
Httpresponse.getWriter ().write(res);//Return data to domain A
}
}
}
Option 2: Through Script tag:
in domain A Write an empty Script tag in the head of the page http://Jipiao.taobao.com/test.htm:
< !--
Note: This solution requires domain B to be returned The data must be in a legal JSON format or a JS file format; for example, the data format returned by domain B is as follows:
Var remote={test:'hello'};
Var f=[2,1];
Option 3: Hide iframe and share domain:
Write a hidden iframe on the domain A page http://jipiao.taobao.com/yyyy.htm:
Note: The page http://promotion.taobao.com/xxxx.htm also needs to set document.domain="taobao.com" for this method to work.
The reason why this iframe method is not suitable for cross-domain between different parent domains is because setting document.domain can only be set to your own parent domain, not to other domains, such as: jiapiao.taobao. com can only set document.domain="taobao.com", not document.domain="baidu.com";
The three solutions listed here each have their own advantages and disadvantages:
The advantage of the Proxy solution is that it can be applied Used for almost all cross-domain access, and only needs to be developed in one domain, and the other domain can provide data in any type of format. The disadvantage is that this solution passes through an intermediate Proxy, so the delay may be slightly larger, and it will increase the load on the local server, and the development workload will also be slightly larger.
The script tag solution can be said to be very simple. It can be done without a few lines of code. However, it has strict requirements on the format of the data returned. It can only be data in Json format. If it is data in other formats, then this There is nothing you can do about it this way.
The method of hiding iframe is also very simple. It can handle any returned data format, but it is only applicable to cross-domain requests under the same parent domain, and requires other domains to cooperate in development, that is, document.domain needs to be set. .
For details of the original post: http://blog.csdn.net/lovingprince/archive/2008/09/20/2954675.aspx
---------------- -------------------------------------------------- ----------------
-------------------------------- -----------------------------------------------
Regarding the meaning of JS cross-domain access, I would like to add a few more points:
Cross-domain access, simply speaking, means that the javascript code of website A tries to access website B, including submitting content and obtaining content; for example, if you want to access the page from website A, Execute the JS object in another page in website B, or want to use JS in the page of website A to parse the dom element of a page in website B, etc.; the application scenario where this kind of cross-domain access problem occurs is usually in an iframe Embedding pages in different domains, or sending Ajax requests to different domains, etc.;
Due to security reasons, cross-domain access is prohibited by default by major browsers; however, browsers do not prohibit referencing JS from other domains in the page. file, and can freely execute the functions in the imported JS file; I personally think this is very important!
The judgment rule for whether it is cross-domain is to compare the three: domain name, protocol, and port; if one of the three is different, cross-domain problems will occur; the cross-domain problems we often talk about generally refer to different domain names. Because this scenario has the highest probability of occurring and there are some ways to solve it; such as the cross-domain problem of the second-level domain name under the taobao.com domain mentioned earlier;
The main domain is different, or the protocols are different (such as https and http) cross-domain problems (for example, *.taobao.com domain wants to access content in *.baidu.com domain), it is completely impossible to solve it from the Web side, and can only be solved through the server-side Proxy solution;
Common page control dom elements between different domains include:
window.location can be set, but cannot be read. Access to other location properties and methods is prohibited;
document.href can be set, but not read. Access to other document properties and methods is prohibited;
