Same-origin policy and cross-origin requests
2022-07-25 23:27:00 【Dragon eyes】
I. The same-origin policy
1. What is the same-origin policy?
Two pages have the same origin if their protocol, domain name and port are all the same. The default port number is 80 and may be omitted.
The same-origin policy is a security feature provided by the browser.
**MDN's official definition:** The same-origin policy restricts how a document or script loaded from one origin can interact with resources from another origin. It is an important security mechanism for isolating potentially malicious documents.
**In plain terms:** the browser does not allow JavaScript on website A to exchange resources with a non-same-origin website C.
For example:
1. It cannot read the cookies, localStorage or IndexedDB of a non-same-origin page
2. It cannot access the DOM of a non-same-origin page
3. It cannot send Ajax requests to a non-same-origin address
II. Cross-origin
1. What is cross-origin?
Same origin means that the protocol, domain name and port of two URLs are identical; anything else is cross-origin.
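The protocol, domain name and port comparison defined above, as an added example that is not part of the original article. The function names and the sample URLs are constructed for illustration; the only API assumed is the standard `URL` class available in browsers and Node.js.

```javascript
// Added example: same-origin test using the WHATWG URL parser.
// Default ports per scheme. The URL parser reports a default port as "",
// so an omitted port and an explicit default port compare as equal.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Return the (protocol, hostname, port) tuple that defines an origin.
function originTuple(rawUrl) {
  const url = new URL(rawUrl); // throws TypeError on malformed input
  return {
    protocol: url.protocol,   // lower-cased by the parser, e.g. "http:"
    hostname: url.hostname,   // lower-cased by the parser
    port: url.port || DEFAULT_PORTS[url.protocol] || "",
  };
}

// Exact comparison of all three parts; malformed input is never same-origin.
function isSameOrigin(a, b) {
  let x, y;
  try { x = originTuple(a); y = originTuple(b); } catch { return false; }
  return x.protocol === y.protocol && x.hostname === y.hostname && x.port === y.port;
}

// Constructed sample URLs, each compared against one base page.
const BASE = "http://www.example.com/index.html";
const SAMPLES = [
  "http://www.example.com/other.html",      // same origin: only the path differs
  "http://www.example.com:80/api",          // same origin: explicit default port
  "https://www.example.com/index.html",     // cross-origin: protocol differs
  "http://api.example.com/index.html",      // cross-origin: domain name differs
  "http://www.example.com:8080/index.html", // cross-origin: port differs
  "http://www.example.com.other.test/",     // cross-origin: prefix match is not equality
];

function classify(base, urls) {
  return urls.map((u) => [u, isSameOrigin(base, u)]);
}

for (const [u, same] of classify(BASE, SAMPLES)) {
  console.log(same ? "same-origin " : "cross-origin", u);
}
```

The last sample is the case to watch when a server checks a request's origin: compare the parsed parts for equality rather than testing whether the string starts with or contains the trusted domain.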
2. The root cause of cross-origin restrictions:
The browser's same-origin policy does not allow non-same-origin URLs to interact with each other's resources.
3. How the browser intercepts cross-origin requests
The browser allows the cross-origin request to be sent, but the data it returns is intercepted by the browser and cannot be obtained by the page.
4. How to make cross-origin requests
Today, the two main solutions are JSONP and CORS.
**JSONP:** appeared early and has good compatibility (it works with older versions of IE). It is a temporary workaround that front-end developers were forced to come up with to solve the cross-origin problem.
**Disadvantage:** it supports only GET requests, not POST requests.
**CORS:** appeared later; it is a W3C standard and the fundamental solution for cross-origin Ajax requests. It supports GET and POST requests.
**Disadvantage:** it is not compatible with some older browsers.
III. JSONP
1. How JSONP works
Because of the browser's same-origin policy, a web page cannot use Ajax to request data from a non-same-origin interface; however