Web Front-end
CSS Tutorial
Detailed introduction to same-origin and cross-domain front-end interviews
Detailed introduction to same-origin and cross-domain front-end interviews
Cross-domain is caused by the browser's same-origin policy. It refers to the url address requested by the page. It must be in the same domain as the url address on the browser (that is, the domain name, port, and protocol are the same). The following article explains Let me introduce to you the relevant information about the same origin and cross-domain that are necessary for front-end interviews. The article introduces it in detail through sample code. Friends who need it can refer to it.
Preface
As we all know, the browser’s same-origin strategy and cross-domain methods are also issues with a high appearance rate in front-end interviews. This article I mainly shared with you about the same-origin and cross-domain issues that will be encountered during front-end interviews. I won’t go into more details below. Let’s take a look at the detailed introduction.
What is the same-origin policy
The same-origin policy is used to restrict how documents or scripts loaded from one source can interact with documents or scripts loaded from another source. It is a key security mechanism for isolating potentially malicious files.
What is the same origin?
If the protocol, domain name and port are the same for two pages, then the two pages are of the same origin. For example: http://www.hyuhan.com/index.html For this website, the protocol is http, the domain name is www.hyuhan.com, the port is 80 (default port), and its origin is as follows:
http://www.hyuhan.com/other.html: same origin
http://hyuhan.com/other.html: different origin ( Different domain names)
https://www.hyuhan.com/other.html: Different sources (different protocols)
http:/ /www.hyuhan.com:81/other.html: Different sources (different ports)
The same-origin policy is to protect the security of user information. The main restrictions restricted by the same-origin policy are The following behaviors:
Cookie, LocalStorage and IndexDB cannot be read
DOM cannot be operated
AJAX request cannot be sent
How to perform cross-domain access
How to perform cross-domain AJAX request
There are three main methods to bypass the restrictions of the same-origin policy and make cross-domain AJAX requests.
JSONP
JSONP is a common method for cross-domain communication between the client and the server. Use the cross-domain The callback parameter of src is used to set the name of the callback function that needs to be called by the backend. The data returned by the server is as follows: In this way, the front-end can read the back-end data across domains. However, jsopn can only make get requests and cannot send post requests. WebSocket WebSocket is a new network protocol based on TCP. It does not implement the same-origin policy. As long as the server supports it, cross-domain access is possible. And WebSocket is not limited to Ajax communication, because Ajax technology requires the client to initiate a request, and the WebSocket server and client can push information to each other. CORS CORS is the abbreviation of Access-Control-Allow-Origin (cross-domain resource sharing), which is a W3C standard. CORS needs to be supported by both the browser and the server. Currently, basically all browsers support this feature. Server-side support for CORS is mainly performed by setting Access-Control-Allow-Origin. If the browser detects the corresponding settings, it can allow Ajax cross-domain access. document.domain Cookie is information written by the server to the browser. For security reasons, only web pages with the same origin can be shared. However, if the first-level domain names of the two web pages are the same but the domain names of the headphones are different, you can share cookies by setting document.domain. For example, the domain name of one web page is http://w1.example.com/a.html and the domain name of another web page is http://w2.example.com/b.html. As long as they are set the same document.domain, the two web pages can share cookies. postMessage API The postMessage() method allows scripts from different sources to communicate in an asynchronous manner in a limited manner, enabling cross-document, multi-window, and cross-domain messaging. . Use the postMessage() function to pass the message, and the target page listens to the message event of the window to receive the message. Using postMessage, we can read LocalStorage, IndexDB and DOM data across domains. window.name The browser window has the window.name attribute. This attribute stipulates that regardless of whether it has the same source or not, as long as it is in a window, the previous web page is set This attribute can be read by the next web page. That is, within the life cycle of a window (window), all pages loaded by the window share a window.name. Each page has read and write permissions for window.name. Window.name persists in a window. of all pages loaded. Obviously, this can achieve cross-domain access. The above is the detailed content of Detailed introduction to same-origin and cross-domain front-end interviews. For more information, please follow other related articles on the PHP Chinese website!window.onload = function() {
var script = document.createElement('script');
script.src = "http://example.com/callback=test";
document.appendChild(script);
}
function test(res) {
console.log(res);
}test({
"name": "小明",
"age": 24
})
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
Detailed introduction to what wapi is
Jan 07, 2024 pm 09:14 PM
Users may have seen the term wapi when using the Internet, but for some people they definitely don’t know what wapi is. The following is a detailed introduction to help those who don’t know to understand. What is wapi: Answer: wapi is the infrastructure for wireless LAN authentication and confidentiality. This is like functions such as infrared and Bluetooth, which are generally covered near places such as office buildings. Basically they are owned by a small department, so the scope of this function is only a few kilometers. Related introduction to wapi: 1. Wapi is a transmission protocol in wireless LAN. 2. This technology can avoid the problems of narrow-band communication and enable better communication. 3. Only one code is needed to transmit the signal
Detailed explanation of whether x220 supports upgrading to Windows 11
Dec 27, 2023 pm 11:47 PM
The x220 is a laptop launched by Lenovo in 2012, almost ten years ago. As an old model, many users want to know whether they can upgrade to the latest win11 system. In fact, this computer can be upgraded, but it cannot be upgraded through Microsoft's push method. Can x220 be upgraded to win11: Answer: x220 can be upgraded to win111. Although x220 can be upgraded to win11, the system cannot be upgraded through the methods provided by Microsoft. 2. Because Microsoft has very high hardware configuration requirements for win11 this time, if it is not met, you must use other methods to upgrade. 3. Users who want to upgrade win11 can first download a win11 one-click reinstallation file from this site. 4
How to check the authenticity of JBL headphones
Dec 29, 2023 pm 10:54 PM
JBL headphones are the first choice for many music listening users, with rave reviews, but everyone is still very afraid of fakes. So how can you check the authenticity of JBL headphones to avoid this problem? Let’s see how to query below. How to check the authenticity of jbl headphones: 1. First enter the "China Product Information Verification Center". 2. Then enter the query code to check whether it is correct and determine whether it is genuine. 3. You can also distinguish it by the clarity of the earphone sound. The sound of genuine headphones is very clear and the sound quality will not change. The sound of counterfeit headphones will have a lot of adulteration, and the sound quality is also very poor. 4. You can turn up the sound of your headphones to the maximum to see if it is harmonious. The sound of real headphones is the same. But the sound of the fake headphones is on
Detailed explanation of whether win11 can run PUBG game
Jan 06, 2024 pm 07:17 PM
Pubg, also known as PlayerUnknown's Battlegrounds, is a very classic shooting battle royale game that has attracted a lot of players since its popularity in 2016. After the recent launch of win11 system, many players want to play it on win11. Let's follow the editor to see if win11 can play pubg. Can win11 play pubg? Answer: Win11 can play pubg. 1. At the beginning of win11, because win11 needed to enable tpm, many players were banned from pubg. 2. However, based on player feedback, Blue Hole has solved this problem, and now you can play pubg normally in win11. 3. If you meet a pub
Does Bluetooth 5.3 require mobile phone support? For details please see
Jan 14, 2024 pm 04:57 PM
When we buy a mobile phone, we will see that there is a Bluetooth support option in the mobile phone parameters. Sometimes we will encounter a situation where the purchased Bluetooth headset does not match the mobile phone. So does Bluetooth 5.3 need to be supported by the mobile phone? In fact, it is not necessary. Does Bluetooth 5.3 require mobile phone support? Answer: Bluetooth 5.3 requires mobile phone support. However, any mobile phone that supports Bluetooth can be used. 1. Bluetooth is backward compatible, but using the corresponding version requires mobile phone support. 2. For example, if we buy a wireless Bluetooth headset using Bluetooth 5.3. 3. Then, if our mobile phone only supports Bluetooth 5.0, then Bluetooth 5.0 is used when connecting. 4. Therefore, we can still use this mobile phone to connect headphones to listen to music, but the speed is not as good as Bluetooth.
Analysis of frequently asked questions about Cyberpunk 2077
Jan 05, 2024 pm 06:05 PM
Recently, a super popular game Cyberpunk 2077 has been launched online. Many users are rushing to download and experience it. However, there are still many problems in the process. Today we bring you some frequently asked questions about playing Cyberpunk 2077. Come and see if you want anything. Frequently asked questions about playing Cyberpunk 2077: 1. Price details: 1. The purchase price on the steam game platform is: 298 yuan. 2. The purchase price of the epic game platform is: 43 US dollars = 282 yuan. 3. The purchase price of ps4 game terminal is: 400 yuan + HKD and 380 yuan + RMB boxed. 4. The purchase price of Russia in the Russian area is: 172 yuan. 2. Configuration details: 1. Minimum configuration (1080P): GT
Detailed introduction to whether i5 processor can install win11
Dec 27, 2023 pm 05:03 PM
i5 is a series of processors owned by Intel. It has various versions of the 11th generation i5, and each generation has different performance. Therefore, whether the i5 processor can install win11 depends on which generation of the processor it is. Let’s follow the editor to learn about it separately. Can i5 processor be installed with win11: Answer: i5 processor can be installed with win11. 1. The eighth-generation and subsequent i51, eighth-generation and subsequent i5 processors can meet Microsoft’s minimum configuration requirements. 2. Therefore, we only need to enter the Microsoft website and download a "Win11 Installation Assistant" 3. After the download is completed, run the installation assistant and follow the prompts to install Win11. 2. i51 before the eighth generation and after the eighth generation
Introducing the latest Win 11 sound tuning method
Jan 08, 2024 pm 06:41 PM
After updating to the latest win11, many users find that the sound of their system has changed slightly, but they don’t know how to adjust it. So today, this site brings you an introduction to the latest win11 sound adjustment method for your computer. It is not difficult to operate. And the choices are diverse, come and download and try them out. How to adjust the sound of the latest computer system Windows 11 1. First, right-click the sound icon in the lower right corner of the desktop and select "Playback Settings". 2. Then enter settings and click "Speaker" in the playback bar. 3. Then click "Properties" on the lower right. 4. Click the "Enhance" option bar in the properties. 5. At this time, if the √ in front of "Disable all sound effects" is checked, cancel it. 6. After that, you can select the sound effects below to set and click
