Generally, our video networking cloud platform EasyCVS is used with EasyCVR. The video networking cloud platform EasyCVS can perform unified analysis and management of EasyCVR, which is suitable for many different project scenarios.
When our R&D staff called the EasyCVS service on the front end, we found that the server reported an error Access-Control-Allow-Origin:
We can see these keywords: Access-Control-Allow-Origin, the first reaction is to consider whether this error is caused by cross-domain.
In the front-end field, cross-domain means that the browser allows to send cross-domain requests to the server, thereby overcoming the restriction that Ajax can only be used from the same source.
2. What is the same-origin strategy?
The same-origin policy is an agreement. It was introduced by Netscape in 1995. It is the core and most basic security function of the browser. If the same-origin policy is missing, the browser is vulnerable to XSS, CSFR and other attacks. The so-called homology refers to the same "protocol + domain name + port", even if two different domain names point to the same ip address, they are not homologous.
The same-origin policy restricts the following behaviors:
- Cookie, LocalStorage and IndexDB cannot be read
- DOM and JS objects are not available
- AJAX request cannot be sent
3. Common cross-domain scenarios
4. The backend supports cross-domain requests
Because the EasyCVS back-end service and the EasyCVS front-end are developed separately, and the front-end is deployed through Nginx, which belong to different services, the front-end requests the back-end interface will cause cross-domain problems. Therefore, the EasyCVS backend needs to support cross-domain requests.
EasyCVS back-end configuration can access interfaces for all domain names, and supports requests in the form of GET, POST, PUT, PATCH, OPTIONS, and DELETE. At this point, EasyCVS front-end request back-end interface will not cause the above problem.