How to set up Ajax to achieve cross-domain access

This time I will show you how to set up Ajax to achieve cross-domain access. What are the precautions for setting up Ajax to achieve cross-domain access? The following is a practical case, let's take a look.

ajax cross-domain access is an old problem. There are many solutions. The more commonly used method is the JSONP method. The JSONP method is an unofficial method, and this method only supports the GET method, which is not as safe as the POST method.

Even if you use the jsonp method of

jQuery and set the type to POST, it will automatically change to GET.

Official problem description:

“script”: Evaluates the response as

JavaScript and returns it as plain text. Disables caching by appending a query string parameter, “_=[TIMESTAMP]“, to the URL unless the cache option is set to true.Note: This will turn POSTs into GETs for remote-domain requests.

if To use the POST method across domains, you can create a hidden iframe to achieve the same principle as ajax uploading images, but this will be more troublesome.

Therefore, it is relatively simple to achieve cross-domain access by setting

Access-Control-Allow-Origin.

For example: the client's domain name is www.client.com, and the requested domain name is www.server.com

If you directly use ajax to access, there will be the following error

XMLHttpRequest cannot load http://www.server.com/server.PHP. No 'Access-Control-Allow-Origin' header is present on the requested

resource.Origin 'http://www.client .com' is therefore not allowed access.

Ajax POST cross-domain access can be achieved by adding

// 指定允许其他域名访问 
header('Access-Control-Allow-Origin:*'); 
// 响应类型 
header('Access-Control-Allow-Methods:POST'); 
// 响应头设置 
header('Access-Control-Allow-Headers:x-requested-with,content-type');

to the requested Response header.

The code is as follows:

client.html Path: http://www.client.com/client.html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> 
<html> 
 <head> 
 <meta http-equiv="content-type" content="text/html;charset=utf-8"> 
 <title> 跨域测试 </title> 
 <script src="//code.jquery.com/jquery-1.11.3.min.js"></script> 
 </head> 
 <body> 
 <p id="show"></p> 
 <script type="text/javascript"> 
 $.post("http://www.server.com/server.php",{name:"fdipzone",gender:"male"}) 
 .done(function(data){ 
 document.getElementById("show").innerHTML = data.name + ' ' + data.gender; 
 }); 
 </script> 
 </body> 
</html>

server.php Path: http://www .server.com/server.php

<?php 
$ret = array( 
 &#39;name&#39; => isset($_POST['name'])? $_POST['name'] : '', 
 'gender' => isset($_POST['gender'])? $_POST['gender'] : '' 
); 
header('content-type:application:json;charset=utf8'); 
header('Access-Control-Allow-Origin:*'); 
header('Access-Control-Allow-Methods:POST'); 
header('Access-Control-Allow-Headers:x-requested-with,content-type'); 
echo json_encode($ret); 
?>

Access-Control-Allow-Origin:* means allowing cross-domain access from any domain name

If you need

Specify a domain name to allow it For cross-domain access, just change Access-Control-Allow-Origin:* to Access-Control-Allow-Origin:allowed domain names

For example: header('Access-Control- Allow-Origin:http://www.client.com');

If you need

Set multiple domain namesto allow access, you need to use php to process it

For example Allow www.client.com and www.client2.com to have cross-domain access

server.php modified to

<?php 
$ret = array( 
 &#39;name&#39; => isset($_POST['name'])? $_POST['name'] : '', 
 'gender' => isset($_POST['gender'])? $_POST['gender'] : '' 
); 
header('content-type:application:json;charset=utf8'); 
$origin = isset($_SERVER['HTTP_ORIGIN'])? $_SERVER['HTTP_ORIGIN'] : ''; 
$allow_origin = array( 
 'http://www.client.com', 
 'http://www.client2.com' 
); 
if(in_array($origin, $allow_origin)){ 
 header('Access-Control-Allow-Origin:'.$origin); 
 header('Access-Control-Allow-Methods:POST'); 
 header('Access-Control-Allow-Headers:x-requested-with,content-type'); 
} 
echo json_encode($ret); 
?>

Source code download address: http://xiazai.jb51.net/201702/yuanma/demo(jb51.net)

The following are the additions from other netizens:

When I was using cocos2d-js to make games recently,

An error occurs when using ajax cross-domain access request locally:

XMLHttpRequest cannot loadhttp://www.zjblogs.com/. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access.

I checked online and the solution is as follows:

1. If the requested url is an aspx page, you need to add code to the aspx page ：Response.AddHeader("Access-Control-Allow-Origin", "*");

2. If the requested url is a PHP page, you need to add code to the PHP page: header("Access- Control-Allow-Origin: *");

3. If the requested url is a static html page, you need to add the meta tag code to the page:

The * here means allowed All domain names are accessed. If the server can determine which domain names are to be accessed, it is best to replace the "*" in the above code with a specific domain name. This can enhance security accordingly.

I believe you have mastered the method after reading the case in this article. For more exciting information, please pay attention to other related articles on the php Chinese website!

Recommended reading:

Using Ajax to implement registration and avatar upload functions

How to use Ajax and $.ajax

The above is the detailed content of How to set up Ajax to achieve cross-domain access. For more information, please follow other related articles on the PHP Chinese website!