Cross-domain processing method 1: nginx reverse proxy

What is cross-domain
cross-domain, referring to the browser can not execute scripts other sites. It is caused by the browser's same-origin policy, are browser security restrictions imposed on javascript.
The so-called homologous refers to the domain, protocol, the same port. When the browser execute javascript script, the script will check that the page belongs to, if not homologous to the page, it will not be executed.
The purpose of the same-origin policy is to prevent hackers do rapist to do some family activities. For example, if a bank's application allows users to upload a web page, if there is no same-origin policy, a hacker could write a login form to submit to your own server, get on a page looks quite tall. Hackers this page by mail to users, users mistakenly believe that this is the main page of a bank landing, they will reveal their user data. And because the browser's same-origin policy, hackers can not receive the form data.
Now with the popularity of RESTFUL, many applications API http / https interface, providing services through xml / json format Externally, implement open architecture. For example, microblogging, letter, weather, openstack other sites and applications offer restful interface. Web applications are also developed to a single page orientation. More and more web applications now an architecture: static single web page ajax call RESTFUL service we could use the API provided by each site, make a lot of exciting Web applications. But the browser perform cross-domain restrictions when javascript, has become a stumbling block this type of open architecture. This paper presents a simple and effective way to solve cross-domain problems. Commonly used cross-domain methods commonly used in this method has a number of cross-domain: 1, using the iFrame to access another domain. Then read the contents of the iFrame from another page. jquery some other packages.














It is said that Firefox, etc. may not support read the contents of another iFrame.
2, jsonp. Need server support. Script src obtained using dynamic java code section. Js callback function is on the page, the parameter is a json object.
jquery also encapsulated.
3, is provided http header, Access-Control-Allow-Origin : *
but is said to have some versions IE does not recognize the http header.
4, a proxy server. For example, the server process to write a url of action. Its argument is a url. This server will be put together with a parameter url, with httpclient library to perform url, then read the contents of re-export to the http client. nginx reverse proxy cross-domain realization of these cross-domain methods mentioned above, there are some problems. Some can not support all browsers, and some need to modify the javascript code, and some server-side code needs to be rewritten. There will be some problems in the session and other scenes. In fact, using nginx reverse proxy to achieve cross-domain, cross-domain is the easiest way. Nginx only need to modify the configuration can solve the problem of cross-domain support all browsers, supports session, without modifying any code and does not affect server performance. We only need to configure nginx, configure multiple prefixes on a server to forward http / https requests to multiple real server. In this way, this url on all servers are the same domain name, protocol and port. Thus, for browsers, which are homologous to the url, there is no cross-domain restrictions. In fact, these url in fact served by physical servers. Javascript within these servers can be cross-domain call all these url on the server. Next, the support is given an example of cross-domain nginx will be specifically described. For example, we have two pythonflask development projects: testFlask1 and testFlask2.










testFlask2 javascript script on a project to be called by ajax url testFlask1 way, get some data.
Deployed under normal circumstances, there will be cross-domain problem, your browser to refuse such calls performed as follows.
<ignore_js_op>

below the testFlask2 project javascrip file to change it. Such access homologous url, there would be no cross-domain issues.
<ignore_js_op>

However, we testFlask2 project is actually no such url partners / json, then how to handle it?
We could write nginx configuration file:
<ignore_js_op>

We testFlask2 project deployment in the root directory of the 8080 port. To provide web services deployed in testFlask1 project / partners directory.
But our testFlask1 project and can not handle / partners / url request such json. then what should we do?
By rewrite ^ + partners /?(.*)$ / $ 1 break; this one command, nginx can receive / partners / * convert the entire request / * request and then forwarded to the real web server behind.
In this way, ajax client RESTFUL, just need to give specific url prefix can call RESTFUL interface to any server to offer.
Even by nginx reverse proxy, we can call RESTFUL interfaces developed by other companies website.
Such as,
<ignore_js_op>

we'll move our entire website sohu 8080: / sohu / directory, and you can enjoy our javascript call its RESTFUL served.
By the way, rewrite ^ + sohu /?(.*)$ / $ 1 break;. Sentence command, $ 1 indicates that the part (*). Parameters (in) a first pair of $ 1, the parameter (in) is the second pair of $ 2, and so on. Summary This article describes the function of using the nginx reverse proxy, implementation and application of cross-domain access to any site. nginx is a high-performance web servers, commonly used as a reverse proxy server. nginx as a reverse proxy server, http request is forwarded to another number or server. By a local url prefix mapped to the web server to be accessed across domains, you can achieve cross-domain access. For the browser, the visit is a url on homologous server. By detecting the url nginx prefix http request forwarded back to the real physical server. And then removed by the rewrite command prefix. Such real server can process the request properly, and did not know this request is coming from the proxy server. Simply put, nginx server browser deceived into thinking this is homologous to call, so as to solve the problem of cross-domain browser. And by rewriting the url, deceived real server, it is thought that the http request directly from the user's browser. Thus, in order to solve cross-domain problem, just moving about nginx configuration file. Simple, powerful, and efficient!