Why there is no cross-domain problem for form form submission, but cross-domain problem for ajax submission?
Many answers:
Cross-domain is a security mechanism for browsers, and there is no cross-domain form submission because there is no cross-domain security problem in the case of form submission. Ajax submission cross-domain, or cross-domain between iframes, will have security issues.
The point is that if you can get the information returned by the server, cross-domain is dangerous.
Cross-domain restrictions are requests initiated from js, and requests initiated by forms do not require js.
The so-called cross-domain problem is just the rules imposed by the browser on js, and the world has no cross-domain restrictions. It is the browser that enforces that js is not allowed to access other domains, but the browser does not restrict itself. For example, img tags can load images from any domain, and script can load js from any domain. For another example, you can't get the city address information corresponding to the ip from the front-end js to adjust Taobao's interface, but you can tap on the browser's address bar to open it directly.
Ajax cross-domain is a restriction set on js because the browser needs to protect the user's security and privacy. If you write your own browser to remove this restriction, then js can be accessed arbitrarily across domains.
The form form can be cross-domain. One is to maintain compatibility for historical reasons, and the other is that the form form will refresh the page and will not return the result to js, so it is relatively safe.
Using jsonp to cross-domain actually takes advantage of the browser's historical compatibility , and the latest font resources do not allow direct cross-domain references.