A cliche on cross-domain issues

Time:2019-9-17

Some time ago, I chatted with a big manufacturer who was said to be very NB. Then the big man asked me a question: "How do you solve the cross-domain problem in the front end in actual production?" I answered that our current situation needs some cooperation from the service side. Then the big man was very dissatisfied and hinted to me about JSONP: "Have you used it?" I thought it was incredible at the time. Are there only GET requests in actual production? And this thing is basically not used in actual production. I began to doubt whether I had been left behind, so today I will sort out this piece of knowledge.


When a browser requests resources from a different domain, the request fails because of the Same-Origin policy. This is what is commonly called the "cross-domain problem". Front-end developers run into it often. What we usually call JS cross-domain refers to the handling of cross-domain requests, and the techniques sit mostly on the browser side. So what is cross-domain?
For security reasons, JavaScript does not allow cross-domain invocation of objects on other pages. A request is cross-domain when any one of the protocol, subdomain, main domain or port number differs.
With a cross-domain request, it is not that the request cannot be sent. The request goes out, the server receives it and returns the result normally, but the result is intercepted by the browser. This is the Same-Origin policy at work: it requires the protocol, domain name and port number to match exactly before normal communication can take place.

Several points need to be clarified:
1. If the cross-domain problem is caused by the protocol or the port, the front end is powerless.
2. For cross-domain purposes, the domain is identified only from the leading part of the URL (everything up to and including .com or .cn), not from the IP address the domain name resolves to.
3. The limitations of JSONP in actual production are very large. It is basically not considered, and the probability of using it is very small.


Our current situation is to add configuration to the server-side header:

header( "Access-Control-Allow-Origin:*" );
header( "Access-Control-Allow-Methods:POST,GET" );
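
For comparison with the wildcard header above, an added example (not part of the original post): `Access-Control-Allow-Origin: *` lets any site read the response, and browsers refuse to combine it with credentialed requests, so a common alternative is to return the request's own origin only when it is on an allowlist. The function names and the example.com origins below are assumptions made up for illustration.

```javascript
// Added example: same-origin comparison and an allowlist-based CORS policy.
// ALLOWED_ORIGINS and the example.com hosts are constructed sample values.
const ALLOWED_ORIGINS = new Set([
  "https://app.example.com",
  "https://admin.example.com:8443",
]);

// Two URLs are same-origin only when protocol, host and port all match.
// URL.origin drops default ports (443 for https, 80 for http).
function isSameOrigin(a, b) {
  return new URL(a).origin === new URL(b).origin;
}

// Build CORS response headers from the request's Origin header value.
// Returns {} (no CORS headers) when the origin is missing, malformed or
// not on the allowlist, so the browser keeps blocking the cross-origin read.
function corsHeaders(requestOrigin, allowed = ALLOWED_ORIGINS) {
  if (typeof requestOrigin !== "string") return {};
  let normalized;
  try {
    normalized = new URL(requestOrigin).origin;
  } catch {
    return {}; // e.g. the literal string "null" sent by sandboxed frames
  }
  // Exact match only: substring or suffix checks would accept
  // look-alike hosts such as app.example.com.evil.test.
  if (normalized !== requestOrigin || !allowed.has(normalized)) return {};
  return {
    "Access-Control-Allow-Origin": normalized,
    "Access-Control-Allow-Methods": "POST,GET",
    // The response now depends on the Origin header, so caches must key on it.
    "Vary": "Origin",
  };
}
```
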





Do you guys have any good plans? Please give me your advice.
