There are two cases of cross-domain JavaScript: 1. Between subdomains based on the same parent domain, such as: a.c.com and b.c.com 2. Between subdomains based on different parent domains, such as: www.a.com and www.b.com 3. The port is different, such as: www.a.com:8080 and www.a.com:8088 4. The protocol is different, such as: http://www.a. com and https://www.a.com For situations 3 and 4, it needs to be solved through a background proxy. The specific method is as follows: a. Create a proxy program under the initiator's domain b. The initiator's js calls the proxy program under this domain c. The proxy sends the request to the receiver and obtains the corresponding data d. The proxy returns the obtained data to the initiator's js The initiator page code As follows:
using System.Data; using System.Linq; using System.Web; using System.Web.Services; using System.Web.Services.Protocols; using System.Xml.Linq; using System.IO; using System.Net; using System.Text; namespace WebApplication1 { /// /// Summary description for $codebehindclassname$ // / [WebService(Namespace = "http://tempuri.org/")] [WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)] public class Proxy : IHttpHandler { const int BUFFER_SIZE = 8 * 1024; public void ProcessRequest(HttpContext context) { context.Response.ContentType = "text/plain"; string src = context.Request ["src"]; WebRequest wr = WebRequest.Create(src); WebResponse wres = wr.GetResponse(); Encoding resEncoding = System.Text.Encoding.GetEncoding("gb2312"); StreamReader sr = new StreamReader(wres.GetResponseStream(), resEncoding); string html = sr.ReadToEnd(); sr.Close(); wres.Close(); context.Response.Write("
"); context.Response.Write(html); } public bool IsReusable { get { return false; } } } }
In addition to using background proxy, there are 7 ways to solve situations 1 and 2: 1. document.domain iframe (only case 1 can be solved): a. On the initiator page and Set document.domain on the receiver page and set the value to the main domain name of the parent domain (window.location.hostname) b. Create a hidden iframe on the initiator page. The source of the iframe is the receiver page c. Depending on the browser, obtain the content of the recipient page through iframe.contentDocument || iframe.contentWindow.document d. Interact with the recipient through the obtained content of the recipient page This One drawback of this method is that when one domain is attacked, security holes will appear in another domain. The initiator page code is as follows:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
