AJAX cross-domain knowledge

This time I will bring you the cross-domain knowledge of AJAX. What are the precautions when using AJAX cross-domain. Here are practical cases, let’s take a look.

1. What is AJAX cross-domain

Ajax requests a web resource whose target address is a non-local domain (the protocol, domain name, and port are any different), and obtains external application data based on the response.
When we request an external service, the browser will deny authorized access based on security issues.

2. Reasons for cross-domain issues

2.1 Browser's same-origin policy

2.1.1 The meaning of the same-origin policy

In 1995, the same Origin policy was introduced into the browser by Netscape Corporation. Currently, all browsers implement this policy.
Initially, its meaning is that the cookie set by web page A cannot be opened by web page B unless the two web pages have the same origin. The so-called "same origin" refers to "three similarities".

Same protocol, same domain name, same port, same port

2.1.2 The purpose of the same origin policy

The purpose of the same origin policy is to ensure the security of user information and prevent malicious websites Steal data.

2.1.3 Restrictive scope of the same-origin policy

 With the development of the Internet, the "same-origin policy" has become increasingly strict. Currently, there are three behaviors that are restricted if they are not of the same origin.

Cookie, LocalStorage and IndexDB cannot be read.

DOM cannot be obtained.

The AJAX request cannot be sent.

3. Methods to solve cross-domain issues

3.1 Prohibit browsers from checking

Turn off the same-origin policy by setting parameters for the browser.
Take chrome as an example:

3.1.1 windows

Right-click the chrome shortcut and add parameters to the browser in Properties:
--disable -web-security --user-data-dir
Shortcut addition location:

3.1.2 linux

chromium-browser --disable-web-security

3.1.3 mac

open -a "Google Chrome" --args --disable-web-security --user-data-dir

3.2 Using JSONP

3.2.1 JSONP concept

JSONP (JSON with Padding) is a "usage mode" of JSON, available To solve the problem of cross-domain data access by mainstream browsers. Due to the same-origin policy, generally speaking, web pages located at server1.example.com cannot communicate with servers other than server1.example.com, with the exception of the HTML <script> element. Using the open policy of the <script> element, web pages can obtain JSON data dynamically generated from other sources, and this usage pattern is called JSONP. The data captured with JSONP is not JSON, but arbitrary <a href="http://www.php.cn/wiki/48.html" target="_blank">JavaScript, which is executed with a JavaScript interpreter instead of parsed with a JSON parser. </script>

3.2.2 The use of JSONP

Implement support for JSONP on the server side

Jquery calling method ($.ajax() method)

$.ajax({url:'www.example.com/a.php?id=1',dataType:'jsonp',jsonp:'jsonp_callback',success:function(){//dostuff},
});

3.2 .3 Disadvantages of JSONP

Need to change the server code

You can only use the GET method to request

What is sent is not an XHR request but a script

Believe it or not After reading the case in this article, you have mastered the method. For more exciting information, please pay attention to other related articles on the PHP Chinese website!

Recommended reading:

JavaScript code to animate text

JavaScript code snippet to determine whether the date is valid

The above is the detailed content of AJAX cross-domain knowledge. For more information, please follow other related articles on the PHP Chinese website!