Detailed explanation of JS origin and cross-domain access implementation

php中世界最好的语言
Release: 2018-06-11 15:21:32
Original
1025 people have browsed it

This time I will bring you a detailed explanation of the implementation of JS same-origin and cross-domain access. What are the precautions for the implementation of JS homology and cross-domain access? The following is a practical case, let’s take a look.

1. What is the same-origin policy

#To understand cross-domain, you must first understand the same-origin policy. The Same Origin Policy is a very important security policy implemented on browsers for security reasons.

What is the same origin:

URL consists of protocol, domain name, port and path. If the protocol, domain name and port of two URLs are the same, it means that they have the same origin. .

Same origin policy:

The browser's same origin policy restricts "documents" or scripts from different sources from reading or setting the current "document" certain attributes. (White hat talks about web security [1])

Scripts loaded from one domain are not allowed to access document attributes of another domain.

For example:

For example, a malicious website page embeds a bank’s login page through an iframe (the two are from different sources). If there is no same-origin restriction, the javascript script on the malicious webpage will The username and password can be obtained when the user logs into the bank.

In the browser, tags such as

Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template
About us Disclaimer Sitemap
php.cn:Public welfare online PHP training,Help PHP learners grow quickly!