Recently I ran into a cross-domain problem at work, so I am taking the opportunity to review and consolidate the topic.
Cross-domain restrictions are caused by the browser's same-origin policy, which exists to prevent a document or script from loading unknown content in another domain in ways that pose a security risk, leak private data or sabotage systems.
What does same-origin mean?
Same-origin means that two URLs have the same application protocol, domain (host or IP) and port; any difference makes the request cross-domain.
Put bluntly, cross-domain means that the browser restricts JS from obtaining data from a different origin through an XHR request.
The main ways to solve the cross-domain problem at present:
Approaches based on tags such as <img>, <script> and <iframe>, and the JSONP request method, are actually rarely used in projects.
The commonly used ones are:
1. CORS (Cross-Origin Resource Sharing) ensures the safety of a request through declarations made cooperatively by the client and the server. The server can add parameters to the HTTP response headers, such as
"Access-Control-Allow-Origin: *" or "Access-Control-Allow-Origin: https://www.baidu.com", to restrict which domains' requests and which types of request can be accepted, and the client must declare its origin when initiating the request (the Origin header, which the browser adds itself when sending the request).
2. nginx as a reverse proxy server: HTTP requests are forwarded to another server or to several servers. By mapping a local URL prefix to the web server that would otherwise have to be accessed across domains, you can achieve cross-domain access. To the browser, it is visiting a URL on a same-origin server. nginx detects the URL prefix and forwards the HTTP request to the real physical server.
server {
    location / {
        root /www/data;
        index index.html index.htm;
        # allow cross-domain access (CORS)
        add_header 'Access-Control-Allow-Origin' '*';
    }
    # custom local path
    location /apis {
        proxy_pass http://www.abc.com;
    }
}
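The same-origin comparison and the server side of CORS described above, as an added example that is not part of the original post: `sameOrigin` compares protocol, host and port, and `corsHeaders` returns the request's Origin only when it exactly matches an allowlist instead of answering `*`. The function names and the `app.example.com` allowlist entry are assumptions made for illustration.

```javascript
// Added example (not from the original post). All names here are illustrative.

// Same-origin test: protocol, host and port must all match.
// URL.origin normalizes default ports (http -> 80, https -> 443).
function sameOrigin(a, b) {
  return new URL(a).origin === new URL(b).origin;
}

// Constructed allowlist of origins that may read responses.
const ALLOWED = new Set(['https://www.baidu.com', 'https://app.example.com']);

// Decide the CORS response headers for one request.
// originHeader is the value of the Origin request header (undefined if absent).
function corsHeaders(originHeader, allowed = ALLOWED) {
  // Vary: Origin stops a shared cache from reusing one origin's answer for another.
  const headers = { Vary: 'Origin' };
  if (!originHeader) return headers; // no Origin: nothing to grant
  let origin;
  try {
    origin = new URL(originHeader).origin; // throws on junk such as "null"
  } catch {
    return headers;
  }
  // Exact match only. Prefix, suffix or substring tests would also accept
  // look-alike hosts such as https://www.baidu.com.other.example.
  if (origin === originHeader && allowed.has(origin)) {
    headers['Access-Control-Allow-Origin'] = origin;
  }
  return headers;
}

// Constructed sample Origin values, printed when the file is run directly.
for (const o of ['https://www.baidu.com', 'http://www.baidu.com',
                 'https://www.baidu.com.other.example', 'null']) {
  console.log(o, '->', JSON.stringify(corsHeaders(o)));
}
```

A response without `Access-Control-Allow-Origin` still reaches the browser, but the browser refuses to hand it to the calling script.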