Solving the "XMLHttpRequest cannot load" cross-domain problem

In a group of sites, the different functions of the system use separate domains, and the systems call one another. When JS uses XMLHttpRequest to call another domain, the browser reports that cross-domain permission is missing. Some may wonder how there can be a cross-domain problem when everything belongs to the same top-level domain, or when the domain name is exactly the same. First look at the error:

"XMLHttpRequest cannot load http://comment.ttlsa.com/api/post?id=1&msg=123123123&code=453423&username=cool white open. Origin http://www.ttlsa.com is not allowed by Access-Control-Allow-Origin."

What is Access-Control-Allow-Origin

Access-Control-Allow-Origin is a response header, defined in HTML5, that the server returns. It is used to solve cross-domain permission problems for resources (such as fonts). It defines which domains are allowed to reference the resource, or that all domains may reference it (Google Fonts uses *, meaning every domain is permitted to reference the resource).

What is cross-domain resource permission

Let's look at what counts as the same domain and what counts as different domains.

Same domain:
http://www.ttlsa.com/
http://www.ttlsa.com/nginx

Different domains:
http://www.ttlsa.com
http://bbs.ttlsa.com
https://www.ttlsa.com
http://www.ttlsa.com:8080

So the same domain requires the same protocol, the same port and the same domain name. As long as any one of these is not satisfied, the request is cross-domain.

Cross-domain case

If the site www.ttlsa.com needs to call comment.ttlsa.com/api/post.php, the following code must be added to post.php.

Code 1:
header("Access-Control-Allow-Origin: http://www.ttlsa.com");
Code 2: the header cannot use a pattern such as *.ttlsa.com, but we can use the following method, echoing the content into the response body from PHP:
echo '<meta http-equiv="Access-Control-Allow-Origin" content="*.ttlsa.com">';
It is unclear why the header does not accept a pattern while the meta tag does. If anyone later finds the cause, please leave a message to let me know; thank you in advance.

As can be seen from the code above, Code 1 is not secure enough, but people using the interface get the body content of the response. Code 2 is relatively safe, but the response body contains the <meta http-equiv="Access-Control-Allow-Origin" content="*.ttlsa.com">, which somewhat affects use of the interface.

Please indicate the source: http://www.ttlsa.com/html/3178.html
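
An added example, not part of the original post: browsers take the cross-domain decision from the Access-Control-Allow-Origin response header and compare its value with the request's Origin, so one common way to allow several subdomains is to validate Origin on the server and send back that exact value. The function name allowed_origin and the rule that any http/https origin on ttlsa.com or a subdomain is trusted are assumptions made for this example.

```php
<?php
// Added example (not from the original post): Origin allowlist for post.php.
// Assumption: any http/https origin on ttlsa.com or a subdomain is trusted.

function allowed_origin(?string $origin): ?string
{
    if ($origin === null || $origin === '') {
        return null;                       // no Origin header: not a CORS request
    }
    $p = parse_url($origin);
    if ($p === false || !isset($p['scheme'], $p['host'])) {
        return null;                       // also rejects the literal "null" origin
    }
    // An Origin is scheme://host[:port]; anything more is not a valid Origin.
    if (array_diff(array_keys($p), ['scheme', 'host', 'port'])) {
        return null;
    }
    $scheme = strtolower($p['scheme']);
    $host   = strtolower($p['host']);
    if (!in_array($scheme, ['http', 'https'], true)
        || !preg_match('/^[a-z0-9.-]+$/', $host)) {
        return null;
    }
    // Anchor on ".ttlsa.com" so evilttlsa.com and ttlsa.com.example.net fail.
    if ($host !== 'ttlsa.com' && substr($host, -10) !== '.ttlsa.com') {
        return null;
    }
    return $scheme . '://' . $host . (isset($p['port']) ? ':' . $p['port'] : '');
}

if (PHP_SAPI !== 'cli') {
    // In post.php: send the exact origin back only when it passed the check.
    header('Vary: Origin');                // keep caches from mixing origins
    $ok = allowed_origin($_SERVER['HTTP_ORIGIN'] ?? null);
    if ($ok !== null) {
        header('Access-Control-Allow-Origin: ' . $ok);
    }
} else {
    // Constructed sample origins, run from the command line.
    foreach (['http://www.ttlsa.com', 'https://bbs.ttlsa.com:8080',
              'http://evilttlsa.com', 'http://ttlsa.com.example.net',
              'null'] as $o) {
        echo str_pad($o, 30), ' => ', allowed_origin($o) ?? '(denied)', PHP_EOL;
    }
}
```

Allowing every subdomain means a script-injection flaw on any ttlsa.com host can read these responses, so list exact hosts instead when the set of callers is known.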

Reproduced in: https://my.oschina.net/766/blog/211328

Origin blog.csdn.net/weixin_34161083/article/details/91548465