@TOC

Preface

1. The causes of cross domain

Why cross domain requests exist ： Because of the browser's same origin policy , That is, the pages belonging to different fields cannot visit each other's page content .

2. Solutions for cross domain

2.1 Front end approach

1.imge.src,script.src,style.href The resources of other domains can be loaded without the influence of the same origin policy , You can use this feature , Send data to the server . The most common is to use image.src Send error messages from the front end to the server .image.src and style.href Can't get the data from the server ,script.src Server side cooperation can get data return .

2.possMessage,window.name,document.domain Two windows directly transfer data to each other .

（1）possMessage yes HTML5 In the new , Use restrictions are Must get the window quote .IE8+ Support ,firefox,chrome,safair,opera Support

（2）window.name , When you open another page in one page ,window.name Is Shared , So you can go through window.name To transfer data ,window.name The limit size of is 2M, All browsers support this , And there's no limit .

（3） document.domain Two pages of document.domain Set to same ,document.domain Can only be set as parent domain name , Both accessible , Usage restriction ： This top-level domain name must be the same

2.2 Back end mode

CORS yes w3c Standard way , By means of web Server settings ： Response head Access-Cntrol-Alow-Origin To specify which domains can access the data of this domain .

ie8&9(XDomainRequest),10+,chrom4 ,firefox3.5,safair4,opera12 Support this way .

One 、ASP.NET Core Middleware implementation CORS

1. Middleware code

using Microsoft.AspNetCore.Http;using System.Threading.Tasks;namespace Core.Api{    /// <summary>    ///  Cross domain middleware     /// </summary>    public class CorsMiddleware    {        private readonly RequestDelegate _next;        /// <summary>        ///  When the pipeline is executed to this middleware, the next middleware RequestDelegate request , If there are other parameters , It is also obtained by injection         /// </summary>        /// <param name="next"> Next handler </param>        public CorsMiddleware(RequestDelegate next)        {            _next = next;        }        /// <summary>        ///  Customize the logic to be executed by the middleware         /// </summary>        /// <param name="context"></param>        /// <returns></returns>        public async Task Invoke(HttpContext context)        {            context.Response.Headers.Add("Access-Control-Allow-Origin", "*");            context.Response.Headers.Add("Access-Control-Allow-Headers", context.Request.Headers["Access-Control-Request-Headers"]);            context.Response.Headers.Add("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");            // if OPTIONS Cross domain requests are returned directly , Do not enter subsequent pipelines             if (context.Request.Method.ToUpper() != "OPTIONS")                await _next(context);// hold context Pass in to execute the next middleware         }    }}

2. Use in pipes

public void Configure(IApplicationBuilder app, IWebHostEnvironment env){    app.UseMiddleware<CorsMiddleware>()// Cross domain }