When we encounter Access-Control-Allow-Origin in the request background interface , it means cross-domain.
Cross-domain is caused by the same-origin policy of the browser. The same-origin policy (Same origin policy) is a convention, which is the core and most basic security function of the browser. The same-origin refers to: the domain name, protocol, and port are the same
Common methods to solve cross-domain:
1. Proxy is commonly used in VUE2.0 to solve cross-domain problems
1. Set the following code snippet in vue.config.js
module.exports = {
dev: {
// Paths
assetsSubDirectory: 'static',
assetsPublicPath: '/',
proxyTable: { // 配置跨域
'/api':{
target:`http://www.baidu.com`, //请求后台接口
changeOrigin:true, // 允许跨域
pathRewrite:{
'^/api' : '' // 重写请求
}
}
},
}
2. When creating an axioss instance, set the baseUrl to '/api'
const http = axios.create({
timeout: 1000 * 1000000,
withCredentials: true,
BASE_URL: '/api'
headers: {
'Content-Type': 'application/json; charset=utf-8'
}
})
2. JSONP solves cross-domain
Jsonp (JSON with Padding) is a "use mode" of json, which allows web pages to obtain data from other domain names (websites), that is, to read data across domains.
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
</head>
<body>
<div id="textID"></div>
<script type="text/javascript">
function text_jsonp(req){
// 创建script的标签
var script = document.createElement('script');
// 拼接 url
var url = req.url + '?callback=' + req.callback.name;
// 赋值url
script.src = url;
// 放入头部
document.getElementsByTagName('head')[0].appendChild(script);
}
</script>
</body>
</html>
3. CORS is cross-origin resource sharing (Cross-Origin Resource Sharing), which uses ajax to request resources across domains, supports modern browsers, and IE supports more than 10
In a CORS request, the header information contains the following three fields:
Access-Control-Allow-Origin: This field is required. Its value is either Origin
the value of the field at the time of the request, or one *
, indicating that it accepts requests from any domain name,
Access-Control-Allow-Credentials: Optional, the value is a Boolean value, indicating whether to allow sending cookies. By default, cookies are not included in CORS requests. If it is set true
, it means that the server expressly allows that Cookie can be included in the request and sent to the server together. This value can only be set totrue。如果要发送Cookie,Access-Control-Allow-Origin必须设置为必须指定明确的、与请求网页一致的域名
Access-Control-Expose-Headers: Optional. When CORS requests, the method XMLHttpRequest
of the object getResponseHeader()
can only get 6 basic fields: Cache-Control
, Content-Language
, Content-Type
, Expires
, Last-Modified
, Pragma
. If you want to get other fields, you must Access-Control-Expose-Headers
specify in it
For a detailed explanation, please refer to Ruan Dashen's article, attached to the portal: CORS Detailed Explanation
Fourth, iframe realizes cross-domain
iframe(src){
//数组
if(Array.isArray(src)){
this.docs.visible = true;
}else{
this.docs.visible = false;
}
this.link = src
if(this.docs.visible == false){
if(this.$refs['ruleIframe'] && this.$refs['ruleIframe'].querySelector('iframe')){
this.$refs['ruleIframe'].querySelector('iframe').remove() //删除自身
}
var iframe = document.createElement('iframe');
iframe.width = '100%';
iframe.height = '100%';
iframe.setAttribute('frameborder','0')
iframe.src = src;
this.append(iframe)
}
},
//创建元素 防止 获取不到 ruleIframe 递归
append(iframe){
if(this.$refs['ruleIframe']){
this.$refs['ruleIframe'].appendChild(iframe);
return
}
setTimeout(()=>{
this.append(iframe);
},500)
},
Thank you for reading~
Hope to help everyone