• [cross domain]


    preface This article was written by the author in 2008“Those coquettish cross domain operations in those days”Remake power enhanced version of.Gu Yun reviewed the old and learned the new. Looking back at the articles of that year, he still felt that there were many deficiencies and omissions, and there was still a lack of depth […]

  • Ajax FAQ summary [interview review]


    html template <!DOCTYPE html> <html lang=”en”> <head> <meta charset=”UTF-8″> <meta name=”viewport” content=”width=device-width, initial-scale=1.0″> <meta http-equiv=”X-UA-Compatible” content=”ie=edge”> < title > Ajax demo < / Title > </head> <body> <p>A paragraph of text 1</p> <script></script> </body> </html> /data/test.json { “name”: “zhangsan” } Handwritten XMLHttpRequest xhr.readyState 0 – (uninitialized) the send() method has not been called 1 – […]

  • Spirit shows you how to safely introduce third-party resources


    Spirit shows you how to safely introduce third-party resources This article introduces how to safely introduce third-party resources Homology strategy (SOP) First of all, let’s understand what is homology strategy. The following is the definition of Wiki encyclopedia ✨ Homology strategy refers to the web browser that allows a web page script to access the […]

  • Homology of chrome


    Long time no see. there you go again Long time no see. But sometimes I think, people still have to learn. Persistence is really a useful ability. Chrome’s homology strategy brief introduction Same origin: that is, the three common elements, protocol, host name and port (scheme, hostname and port) must be the same. Same site: […]

  • Homology and cross domain


    Homologous strategy( ⭐⭐⭐) What is homology If the protocol, domain name and port of the two pages are the same, the two pages haveSame source。 For example, the following table shows the relativehttp://www.test.com/index.htmlPage homology detection: Homology strategy png What is homology strategy Homologous strategy(full English Name: same origin Policy)browserOne providedSafety function MDNOfficially given concept: the […]

  • Common front-end cross domain solutions


    What is cross domain? Cross domain refers to a document or script in one domain trying to request resources in another domain. Here, cross domain is generalized. Broad cross domain: 1. Resource jump: a link, redirection, form submission 2. Resource embedding:<link>、<script>、<img>、<frame>And other DOM tags, as well as the external chain of files such as background: […]

  • Refining front-end knowledge points: October


    1. Homologous cookie restriction Problem Description: The back-end egg adopts a login strategy based on JWT authentication and supplemented by session management user information, but it encounters a cookie homology restriction. Although the backend egg implements cross domain through CORS, cookies still strictly abide by the homology policy. When I submit the backend to the […]

  • Explain JS homology strategy and CSRF in detail


    catalogue summary SOP for homology strategy Homology limit Bypass cross domain Cross Site Request Forgery CSRF sketch SOP and ajax CSRF Countermeasures Cross domain resource sharing CORS Simple request Pre inspection request CORS and cookies summary This paper mainly involves three keywords: Same origin policy (SOP) Cross Site Request Forgery (CSRF) Cross origin resource sharing […]

  • Front end common cross domain solutions (all)


    What is cross domain? Cross domain means that a document or script in one domain attempts to request resources in another domain. Cross domain is generalized here. Broad cross domain: 1.) resource jump: a link, redirection, form submission 2.) resource embedding: < link >, < script >, < img >, < frame > and other […]

  • Linux + Apache cross domain configuration


    To understand cross domain, we must first understand the homology strategy. Homology policy is a very important security policy implemented for security in browsers. What is homology URLs are composed of protocol, domain name, port and path. If the protocol, domain name and port of two URLs are the same, it indicates that they are […]

  • What is CSRF? What are the effective defense measures?


    During the interview, many factories like to ask questions about web security, such as what is CSRF and what are the preventive measures? This article will lead you to understand CSRF. What is CSRF? (Cross Site Request Forgery) is a network attack. Let’s understand it through an example: Xiao Ming landed on a bank websitewww.bank.com, […]

  • Browser cross domain


    Warehouse address of complete high frequency question bank:https://github.com/hzfe/aweso… Complete high frequency question bank reading address:https://hzfe.github.io/awesom… Related issues What is cross domain Why cross domain Why are there cross domain restrictions How to solve cross domain problems Answer key points CORS[1] Homology strategy[2] The source of cross domain problems is the browser forRequest securityBased onHomology strategySecurity […]