Browsers allow cross-domain settings (not for production, development)

Article source: http://www.cnblogs.com/LiuChunfu/p/8072448.html

Browsers allow cross-domain settings (not for production, development)

Firefox

I have seen the method of turning off cross-domain restrictions under FF before:

Firefox has strong security and does not allow cross-domain calls. If Firefox wants to cancel the cross-domain restriction of XMLHttpRequest

  1. Set signed.applets.codebase_principal_support = true from about:config; (enter about:config in the address bar to set firefox)
  2. Add code similar to the following before the open code function:
try {
    netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead");
} catch (e) {
    alert("Permission UniversalBrowserRead denied.");
} 

Chrome

When doing webapp development with front and back separation, it is often necessary to set the browser to support cross-domain mode for some reasons. Fortunately, the chrome browser supports cross-domain settings, and there are many chrome cross-domain settings tutorials on the Internet. However, the new version of the chrome browser has raised the threshold for cross-domain settings, and the original method is no longer applicable. The following author briefly introduces the cross-domain setting method of the new version of chrome.

Cross-origin settings before version 49

Let’s first introduce the old method, refer to some online tutorials, in fact, directly add --disable-web-security to the open command.

The specific method is:

1. After downloading and installing the chorme browser, find the shortcut icon of the browser on the desktop and click the property column of the right mouse button.
2. Add --disable-web-security to the target input box in the property page as shown below:

3. Click Apply and OK to close the properties page and open the chrome browser. If the browser prompts "You are using an unsupported command flag --disable-web-security", then the configuration is successful.

Chrome cross domain settings after version 49

After the version of chrome is upgraded to 49, the cross-domain settings are stricter than before. After adding --disable-web-security to the open command, it is necessary to give a new directory of user personal information. As we all know, chrome is a browser that needs to log in with a gmail address. After logging in, a directory for storing personal information will be generated, and personal information such as user's favorites and historical records will be saved. After version 49, if you set the chrome browser to support cross-domain mode, you need to specify a personal information directory instead of the default directory. It is estimated that the chrome browser is afraid that users should not use the cross-domain mode to leak their personal information (mainly cookie, the login token information of many websites is stored in the cookie).

The specific method is:

1. Create a new directory on the computer, for example: C:\MyChromeDevUserData

2. Add --disable-web-security --user-data-dir=C:\MyChromeDevUserData to the target input box in the property page, and the value of --user-data-dir is the newly created directory.

3. Click Apply and OK to close the properties page and open the chrome browser.

Open chrome again and find a prompt related to "--disable-web-security", indicating that chrome can work normally across domains again.

After the cross-domain is successful, the home page is replaced by the welcome page of google. At the same time, the original favorite links and historical records are gone, and new files related to personal information are generated in the C:\MyChromeDevUserData directory.



Guess you like

Origin http://43.154.161.224:23101/article/api/json?id=325605955&siteId=291194637