Same-origin policy and cross-domain requests
2022-07-25 23:27:00 【Dragon eyes】
I. The same-origin policy
1. What is the same-origin policy?
If two pages have the same protocol, domain name and port, they have the same origin. The default port number is 80 and may be omitted.
The same-origin policy is a security feature provided by the browser.
**MDN official definition:** The same-origin policy restricts how documents or scripts loaded from one origin can interact with resources from another origin. It is an important security mechanism for isolating potentially malicious files.
**In plain terms:** The browser stipulates that JavaScript on site A is not allowed to exchange resources with a non-same-origin site C.
For example:
1. It cannot read the cookies, localStorage or IndexedDB of a non-same-origin page
2. It cannot access the DOM of a non-same-origin page
3. It cannot send Ajax requests to a non-same-origin address
II. Cross-domain
1. What is cross-domain?
Same origin means that the protocol, domain name and port of two URLs are identical; anything else is cross-domain.
2. The root cause of cross-domain restrictions:
The browser's same-origin policy does not allow resource interaction between non-same-origin URLs.
3. How the browser intercepts cross-domain requests
The browser allows a cross-domain request to be sent. However, the data returned by the cross-domain request is blocked by the browser and cannot be read by the page.
4. How to implement cross-domain requests
Today, the two main solutions for cross-domain data requests are JSONP and CORS.
**JSONP:** Appeared early and has good compatibility (it works with older versions of IE). It is a temporary workaround that front-end programmers were forced to come up with to solve the cross-domain problem.
**Disadvantage:** It only supports GET requests, not POST requests.
**CORS:** Appeared later and is a W3C standard. It is the fundamental solution for cross-domain Ajax requests and supports both GET and POST requests.
**Disadvantage:** It is incompatible with some older browsers.
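The origin comparison and the "request is sent, response is blocked" behaviour described above can be modelled in a few lines. This is an added example, not code from the original post: the function names and the example.com URLs are constructed for illustration, and it models only the check on the response's `Access-Control-Allow-Origin` / `Access-Control-Allow-Credentials` headers (CORS preflight is not modelled).

```javascript
// Added example; function names are illustrative, URLs are constructed samples.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Reduce a URL to the (protocol, host, port) triple compared by the same-origin check.
function originOf(url) {
  const u = new URL(url);
  // URL.port is "" when the port is omitted or equals the scheme default.
  return { protocol: u.protocol, host: u.hostname, port: u.port || DEFAULT_PORTS[u.protocol] || "" };
}

// Components that differ between two URLs; an empty list means same origin.
function compareOrigins(a, b) {
  const x = originOf(a), y = originOf(b);
  return ["protocol", "host", "port"].filter((k) => x[k] !== y[k]);
}

// Whether page script may read the response. The request itself is sent either way.
function canReadResponse(pageUrl, requestUrl, responseHeaders = {}, withCredentials = false) {
  if (compareOrigins(pageUrl, requestUrl).length === 0) return true;
  const h = Object.fromEntries(
    Object.entries(responseHeaders).map(([k, v]) => [k.toLowerCase(), v]));
  const allow = h["access-control-allow-origin"];
  if (allow === undefined) return false;        // server did not opt in: response blocked
  if (allow === "*") return !withCredentials;   // wildcard is rejected for credentialed requests
  if (allow !== new URL(pageUrl).origin) return false; // must name this page's origin exactly
  return !withCredentials || h["access-control-allow-credentials"] === "true";
}

const PAGE = "http://www.example.com/index.html";
for (const target of [
  "http://www.example.com:80/api",
  "https://www.example.com/api",
  "http://api.example.com/data",
  "http://www.example.com:8080/api",
]) {
  const diff = compareOrigins(PAGE, target);
  console.log(target, diff.length ? `cross-domain (${diff.join(", ")})` : "same origin");
}
```

On the server side, the safe pattern this implies is to return a specific, validated origin in `Access-Control-Allow-Origin` instead of `*` whenever cookies or other credentials are involved.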
III. JSONP
1. How JSONP works
Because of the browser's same-origin policy, a web page cannot use Ajax to request data from a non-same-origin interface, however