码迷,mamicode.com
首页 > Web开发 > 详细

web跨域问题

时间:2018-09-01 18:07:37      阅读:165      评论:0      收藏:0      [点我收藏+]

标签:main   one   jquery   target   origin   fir   jquer   rip   script   

  Recently, I joined on a program about the chrome extension and met with some problem that is about web cross doamin. so I collect some information about this.

 

  First, We must know what is cross domain. Popularly, cross domain is that a domain sends a request to another domain. There are some performances.

    1: same domain, but not port. Like this, www.domain.com:80,  www.domain.com:8080.

    2: same domain, but not scheme. Like this, http://www.domain.com, https://www.domain.com.

    3: the domain with corresponding ip. Like this, http://www.domain.com, http://128.112.1.21/.

    4: different domain.

    5: subdomains are different.

  As mentioned above, there are all cross domain,  however, why has cross domain? please following up with me.

  Now we must mention a word, SOP(same origin policy), this is about web browser safety, if not sop,  we maybe afford some hack behavoirs, like Xss, CSFR...

  So, there are some SOP limits to web browser:

    1: can‘t send ajax

    2: can‘t read cookie, indexDB or something

    3: dom and js object can‘t be got.

  But we can move around by some solutions.

    1:jsonp. we cant create a tag script and request to domain.

    

1 var scriptTag = document.createElement("script");
2 scriptTag.src = "http://www.domain.com?user=admin&callback=callBackFunction";
3 scriptTag.type = "text/javascript";
4 document.head.appendChiild(scriptTag);
5 
6 
7 function callBackFunction(data){
8    console.log(data);           
9 }

    also, you can use Jquery. but the server must return callback function .

    2:  postMessage. 

      targetWindow.postMessage(message, origin). you can use parent window to open another window and post message to it, but the child window must use window.addEventListener to llisten the message. however, sometimes, the child window maybe listen a lot of message, you shouldn‘t use the origin with *,  and attention, the child window must be fully loaded ,the parent window can send message to it ,otherwise the child window can‘t get message.

    

1 // parentWinow
2 childWindow.postMessage(data, "domain");
3 
4 //child window
5 window.onload = function(){
6     window.addEventListener("mesage", function(data){
7         console.log(data);
8     })  
9 }

 

    3: cors. maybe this method is common .  you need to set ajax request with withCredentials and set property(Access-Control-Allow-Credentials) is true, 

      and property(Access-Control-Allow-Origin) to yuor domain.

     

Also, there are some resolutions to solve with the problem. And for chrome extension, don‘t add request domain to permissions(manifest.json), because of the security for customer.

  

  

 

web跨域问题

标签:main   one   jquery   target   origin   fir   jquer   rip   script   

原文地址:https://www.cnblogs.com/TigerandRose/p/9569838.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!