1. What is cross-domain? Why is there cross-domain?
①, broadly defined: a domain document or script tries to request another domain in resources, such as: www.baidu.com to request resources at www.google.com; similar as: resource jump (<a > Tag link, redirect, form submission), resource embedding (<link>, <script>, <img>, <frame> and other DOM tags), script request (Ajax request initiated by JS, etc.)
Narrow definition: a type of request scenario restricted by browser homology policy, which is what we usually say about cross-domain issues
② Because of the browser's " same-origin policy "
What is a homology strategy? Why is there a homology strategy?
a. Same Origin Policy / SOP (Same origin policy) is a convention introduced by Netscape in 1995. It is the core and most basic security function of the browser. If the same origin policy is missing, the browser is easy Attacked by XSS, CSFR, etc.
The so-called homology means that the " protocol + domain name + port " are the same, even if two different domain names point to the same ip address, they are not homologous.
b. Security restrictions imposed by the browser
Second, the cross-domain solution?
1. Through jsonp cross domain
2, document.domain + iframe cross domain
3, location.hash + iframe
4, window.name + iframe cross domain
5, postMessage cross domain