Home>Article>Backend Development> Five solutions for website cross-domain

Five solutions for website cross-domain

little bottle forward: 2019-04-30 13:50:35 5147browse

Because the browser uses the same-origin policy, a cross-domain request occurs. A webpage requests resources from another webpage with a different domain name/different protocol/different port. This is cross-domain. This article provides 5 ways to solve the problem of website cross-domain. Friends who are interested can take a look.

1. What is leapfrog?

A webpage requests resources from another webpage with a different domain name/different protocol/different port. This is cross-domain.
Cross-domain reason: In the current domain name request website, sending other domain names through ajax requests is not allowed by default.

2. Why does a cross-domain request occur?

Because the browser uses the same-origin policy

3. What is the same-origin policy?

The same-origin policy is a well-known security policy proposed by Netscape. All browsers that support JavaScript now use this policy. The same-origin policy is the core and most basic security function of the browser. If the same-origin policy is missing, the normal functions of the browser may be affected. It can be said that the web is built on the basis of the same-origin policy, and the browser is just an implementation of the same-origin policy.

4. Why does the browser use the same-origin policy?

is to ensure the security of user information and prevent malicious websites from stealing data. If the web pages do not meet the same origin requirements, they will not be able to:
- 1. Sharing Cookies, LocalStorage, IndexDB
- 2. Obtaining DOM
- 3. AJAX requests cannot be sent

The non-absolute nature of the same-origin policy:

   <link/> <video/> <audio/></pre>
      <p>and other tags with src attributes can be sent from different domains Load and execute resources. Same-origin policies for other plug-ins: Third-party plug-ins loaded by browsers such as Flash, Java applet, silverlight, and Google Gears also have their own same-origin policies. However, these same-origin policies do not belong to the browser’s native same-origin policies. If there are loopholes, they may Being exploited by hackers, leaving the consequences of XSS attacks</p>
      <p>The so-called same origin refers to: the domain name, network protocol, and port number are the same. If one of the three is different, cross-domain will occur. For example: you use a browser to open<code>http://baidu.com</code>, and when the browser executes the JavaScript script, it is found that the script sends a request to the<code>http://cloud.baidu.com</code>domain name. This The browser will report an error, which is a cross-domain error.</p>
      <h3 id="解决方案有五">There are five solutions:</h3>
      <h4 id="前端使用jsonp-不推荐使用">1. Use jsonp on the front end (not recommended)</h4>
      <ul>
       <li>When we normally request a JSON data, the server returns is a string of JSON type data, and when we use the JSONP mode to request data, the server returns an executable JavaScript code. Because the cross-domain principle of jsonp is to dynamically load the src of the script, we can only pass the parameters through the url, so the type type of jsonp can only be get. Example:</li>
      </ul>
      <pre class="brush:js;toolbar:false;">$.ajax({ url: &#39;http://192.168.1.114/yii/demos/test.php&#39;, //不同的域 type: &#39;GET&#39;, // jsonp模式只有GET 是合法的 data: { &#39;action&#39;: &#39;aaron&#39; }, dataType: &#39;jsonp&#39;, // 数据类型 jsonp: &#39;backfunc&#39;, // 指定回调函数名，与服务器端接收的一致，并回传回来 })</pre>
      <ul>
       <li>The entire process of using JSONP mode to request data: the client sends a request and specifies an executable function name (here jQuery does the encapsulation process, automatically generates a callback function for you and takes out the data for the success attribute method) Call, instead of passing a callback handle), the server accepts the backfunc function name, and then sends the data in the form of actual parameters<br></li>
       <li>(In the jquery source code, the implementation of jsonp is Dynamically add the<code>3f1c4e4b6b16bbbd69b2ee476dc4f83a</code>tag to call the js script provided by the server. jquery will load a global function in the window object, and the function will be executed when the<code>3f1c4e4b6b16bbbd69b2ee476dc4f83a</code>code is inserted. After execution,<code>3f1c4e4b6b16bbbd69b2ee476dc4f83a</code>will be removed. At the same time, jquery has also optimized non-cross-domain requests. If the request is under the same domain name, it will be like a normal Ajax request. Works the same.)</li>
      </ul>
      <h4 id="后台http请求转发">2. Background Http request forwarding</h4>
      <ul>
       <li>Use HttpClinet forwarding for forwarding (this method is not recommended for simple examples)</li>
      </ul>
      <pre class="brush:js;toolbar:false;">try { HttpClient client = HttpClients.createDefault(); //client对象 HttpGet get = new HttpGet("http://localhost:8080/test"); //创建get请求 CloseableHttpResponse response = httpClient.execute(get); //执行get请求 String mes = EntityUtils.toString(response.getEntity()); //将返回体的信息转换为字符串 System.out.println(mes); } catch (ClientProtocolException e) { e.printStackTrace(); } catch (IOException e) { e.printStackTrace(); }</pre>
      <h4 id="后台配置同源cors-推荐">3. Configure same-origin Cors in the background (recommended)</h4>
      <ul>
       <li>Use the following code configuration for cross-domain cross-domain on SpringBoot2.0 to perfectly solve your front-end and back-end cross-domain request problems</li>
      </ul>
      <p>Use the following code configuration for cross-domain on SpringBoot2.0 to perfectly solve your front-end and back-end cross-domain request problems</p>
      <pre class="brush:js;toolbar:false;">import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.web.cors.CorsConfiguration; import org.springframework.web.cors.UrlBasedCorsConfigurationSource; import org.springframework.web.filter.CorsFilter; /** * 实现基本的跨域请求 * @author linhongcun * */ @Configuration public class CorsConfig { @Bean public CorsFilter corsFilter() { final UrlBasedCorsConfigurationSource urlBasedCorsConfigurationSource = new UrlBasedCorsConfigurationSource(); final CorsConfiguration corsConfiguration = new CorsConfiguration(); /*是否允许请求带有验证信息*/ corsConfiguration.setAllowCredentials(true); /*允许访问的客户端域名*/ corsConfiguration.addAllowedOrigin("*"); /*允许服务端访问的客户端请求头*/ corsConfiguration.addAllowedHeader("*"); /*允许访问的方法名,GET POST等*/ corsConfiguration.addAllowedMethod("*"); urlBasedCorsConfigurationSource.registerCorsConfiguration("/**", corsConfiguration); return new CorsFilter(urlBasedCorsConfigurationSource); } }</pre>
      <h4 id="使用springcloud网关">4. Use SpringCloud gateway</h4>
      <ul>
       <li><p>Service gateway (zuul), also known as routing center, is used to uniformly access all API interfaces and maintain services.</p></li>
       <li><p>Spring Cloud Zuul realizes automated maintenance of service instances through integration with Spring Cloud Eureka, so when using service routing configuration, we do not need to use traditional routing configuration methods To specify a specific service instance address, just use the Ant mode configuration file parameters</p></li>
      </ul>
      <h4 id="使用nginx做转发">5、使用nginx做转发</h4>
      <ul>
       <li>现在有两个网站想互相访问接口 在<code>http://a.a.com:81/A</code>中想访问<code>http://b.b.com:81/B</code>那么进行如下配置即可</li>
       <li>然后通过访问<code>www.my.com/A</code>里面即可访问<code>www.my.com/B</code></li>
      </ul>
      <pre class="brush:js;toolbar:false;">server { listen 80; server_name www.my.com; location /A { proxy_pass http://a.a.com:81/A; index index.html index.htm; } location /B { proxy_pass http://b.b.com:81/B; index index.html index.htm; } }</pre>
      <ul>
       <li>如果是两个端口想互相访问接口 在<code>http://b.b.com:80/Api</code>中想访问<code>http://b.b.com:81/Api</code>那么进行如下配置即可</li>
       <li>使用nginx转发机制就可以完成跨域问题</li>
      </ul>
      <pre class="brush:js;toolbar:false;">server { listen 80; server_name b.b.com; location /Api { proxy_pass http://b.b.com:81/Api; index index.html index.htm; } }</pre>
      <p>希望本篇文章对你有所帮助。</p>
      <p>The above is the detailed content of Five solutions for website cross-domain. For more information, please follow other related articles on the PHP Chinese website!</p>
     </div>
     <div class="nphpQianMsg">
      <a href="javascript:void(0);">Java</a>
      <a href="javascript:void(0);">JavaScript</a>
      <a href="javascript:void(0);">spring</a>
      <a href="javascript:void(0);">nginx</a>
      <a href="javascript:void(0);">spring cloud</a>
      <a href="javascript:void(0);">json</a>
      <a href="javascript:void(0);">jquery</a>
      <a href="javascript:void(0);">ajax</a>
      <a href="javascript:void(0);">xss</a>
      <a href="javascript:void(0);">封装</a>
      <a href="javascript:void(0);">Cookie</a>
      <a href="javascript:void(0);">回调函数</a>
      <a href="javascript:void(0);">接口</a>
      <a href="javascript:void(0);">实参</a>
      <a href="javascript:void(0);">JS</a>
      <a href="javascript:void(0);">对象</a>
      <a href="javascript:void(0);">eureka</a>
      <a href="javascript:void(0);">http</a>
      <a href="javascript:void(0);">自动化</a>
      <div class="clear"></div>
     </div>
     <div class="nphpQianSheng">
      <span>Statement：</span>
      <div>
       This article is reproduced at:cnblogs.com. If there is any infringement, please contact admin@php.cn delete
      </div>
     </div>
    </div>
    <div class="nphpSytBox">
     <span>Previous article：<a class="dBlack" title="Redis single data multi-source ultra-high concurrency solution" href="//m.sbmmt.com/m/faq/417888.html">Redis single data multi-source ultra-high concurrency solution</a></span>
     <span>Next article：<a class="dBlack" title="Redis single data multi-source ultra-high concurrency solution" href="//m.sbmmt.com/m/faq/417986.html">Redis single data multi-source ultra-high concurrency solution</a></span>
    </div>
    <div class="nphpSytBox2">
     <div class="nphpZbktTitle">
      <h2>Related articles</h2>
      <em><a href="//m.sbmmt.com/m/article.html" class="bBlack"><i>See more</i><b></b></a></em>
      <div class="clear"></div>
     </div>
     <ul class="nphpXgwzList">
      <li><b></b><a href="//m.sbmmt.com/m/faq/415473.html" title="What is cross-domain and how to solve it" class="aBlack">What is cross-domain and how to solve it</a>
       <div class="clear"></div></li>
      <li><b></b><a href="//m.sbmmt.com/m/faq/415774.html" title="Introduction to the complete structure of URL and same-origin cross-domain processing" class="aBlack">Introduction to the complete structure of URL and same-origin cross-domain processing</a>
       <div class="clear"></div></li>
      <li><b></b><a href="//m.sbmmt.com/m/faq/416872.html" title="Introduction to solutions to cross-domain request POST" class="aBlack">Introduction to solutions to cross-domain request POST</a>
       <div class="clear"></div></li>
      <li><b></b><a href="//m.sbmmt.com/m/faq/417489.html" title="PHP implements server-side to allow client-side ajax cross-domain" class="aBlack">PHP implements server-side to allow client-side ajax cross-domain</a>
       <div class="clear"></div></li>
     </ul>
    </div>
   </div>
   <div class="nphpFoot">
    <div class="nphpFootBg">
     <ul class="nphpFootMenu">
      <li><a href="//m.sbmmt.com/m/"><b class="icon1"></b><p>Home</p></a></li>
      <li><a href="//m.sbmmt.com/m/course.html"><b class="icon2"></b><p>Course</p></a></li>
      <li><a href="//m.sbmmt.com/m/wenda.html"><b class="icon4"></b><p>Q&A</p></a></li>
      <li><a href="//m.sbmmt.com/m/login"><b class="icon5"></b><p>My</p></a></li>
      <div class="clear"></div>
     </ul>
    </div>
   </div>
   <div class="nphpYouBox" style="display: none;">
    <div class="nphpYouBg">
     <div class="nphpYouTitle">
      <span onclick="$('.nphpYouBox').hide()"></span>
      <a href="//m.sbmmt.com/m/"></a>
      <div class="clear"></div>
     </div>
     <ul class="nphpYouList">
      <li><a href="//m.sbmmt.com/m/"><b class="icon1"></b><span>Home</span>
        <div class="clear"></div></a></li>
      <li><a href="//m.sbmmt.com/m/course.html"><b class="icon2"></b><span>Course</span>
        <div class="clear"></div></a></li>
      <li><a href="//m.sbmmt.com/m/article.html"><b class="icon3"></b><span>Article</span>
        <div class="clear"></div></a></li>
      <li><a href="//m.sbmmt.com/m/wenda.html"><b class="icon4"></b><span>Q&A</span>
        <div class="clear"></div></a></li>
      <li><a href="//m.sbmmt.com/m/dic.html"><b class="icon6"></b><span>Dictionary</span>
        <div class="clear"></div></a></li>
      <li><a href="//m.sbmmt.com/m/course/type/99.html"><b class="icon7"></b><span>Manual</span>
        <div class="clear"></div></a></li>
      <li><a href="//m.sbmmt.com/m/xiazai/"><b class="icon8"></b><span>Download</span>
        <div class="clear"></div></a></li>
      <li><a href="//m.sbmmt.com/m/faq/zt" title=""><b class="icon12"></b><span>Topic</span>
        <div class="clear"></div></a></li>
      <div class="clear"></div>
     </ul>
    </div>
   </div>
   <div class="nphpDing" style="display: none;">
    <div class="nphpDinglogo">
     <a href="//m.sbmmt.com/m/"></a>
    </div>
    <div class="nphpNavIn1">
     <div class="swiper-container nphpNavSwiper1">
      <div class="swiper-wrapper">
       <div class="swiper-slide">
        <a href="//m.sbmmt.com/m/">Home</a>
       </div>
       <div class="swiper-slide">
        <a href="//m.sbmmt.com/m/article.html" class="hover">Article</a>
       </div>
       <div class="swiper-slide">
        <a href="//m.sbmmt.com/m/wenda.html">Q&A</a>
       </div>
       <div class="swiper-slide">
        <a href="//m.sbmmt.com/m/course.html">Course</a>
       </div>
       <div class="swiper-slide">
        <a href="//m.sbmmt.com/m/faq/zt">Topic</a>
       </div>
       <div class="swiper-slide">
        <a href="//m.sbmmt.com/m/xiazai">Download</a>
       </div>
       <div class="swiper-slide">
        <a href="//m.sbmmt.com/m/game">Game</a>
       </div>
       <div class="swiper-slide">
        <a href="//m.sbmmt.com/m/dic.html">Dictionary</a>
       </div>
       <div class="clear"></div>
      </div>
     </div>
     <div class="langadivs">
      <a href="javascript:;" class="bg4 bglanguage"></a>
      <div class="langadiv">
       <a onclick="javascript:setlang('zh-cn');" class="language course-right-orders chooselan " href="javascript:;"><span>简体中文</span><span>（ZH-CN）</span></a>
       <a onclick="javascript:;" class="language course-right-orders chooselan chooselanguage" href="javascript:;"><span>English</span><span>（EN）</span></a>
       <a onclick="javascript:setlang('zh-tw');" class="language course-right-orders chooselan " href="javascript:;"><span>繁体中文</span><span>（ZH-TW）</span></a>
       <a onclick="javascript:setlang('ja');" class="language course-right-orders chooselan " href="javascript:;"><span>日本語</span><span>（JA）</span></a>
       <a onclick="javascript:setlang('ko');" class="language course-right-orders chooselan " href="javascript:;"><span>한국어</span><span>（KO）</span></a>
       <a onclick="javascript:setlang('ms');" class="language course-right-orders chooselan " href="javascript:;"><span>Melayu</span><span>（MS）</span></a>
       <a onclick="javascript:setlang('fr');" class="language course-right-orders chooselan " href="javascript:;"><span>Français</span><span>（FR）</span></a>
       <a onclick="javascript:setlang('de');" class="language course-right-orders chooselan " href="javascript:;"><span>Deutsch</span><span>（DE）</span></a>
      </div>
     </div>
    </div>
   </div>
   <!--顶部导航 end-->
  </div>
  <link rel="stylesheet" id="_main-css" href="//m.sbmmt.com/m/static/css/viewer.min.css" type="text/css" media="all">
 </body>
</html>