What is cross-domain: the lack of conformity source strategy, which is protocol, IP, port there is an inconsistency that is cross-domain, thereby limiting interactions.
Why does the browser cross-domain limitations: avoid data security problems, if there is no cross-domain restrictions, free to read cookie at any domain name, it is prone to CSRF attacks.
For browsers, what resources will be limited same-origin policy: DOM, cookie, XMLHttpRequest, third-party plug-ins.
What's wrong with cross-domain restrictions: Users can not interact behavior, meaning access to the Internet where?
How to solve cross-domain problems:
1, Cross-Origin Resource Sharing (CORS): Setting Access-Control-Allow-Origin: *
the introduction of a js file via a script tag, this js file loaded successfully: 2, jsonP (only supports GET) we will perform the functions specified in the url parameter, and we need the json data as a parameter.
3, by webSocket cross-domain: it is a browser-api, same-origin policy does not apply to webSocket.
4, window.name to use cross-domain: Whether or not homologous, as long as in the same window, has read and write permissions.