JavaScript跨域(3):HTTP access control (CORS)跨域
网上看了很多博客和文档,感觉还是Mozilla大大写的最简单、最好懂,不过文字很长。。 https://developer.mozilla.org/en-US/docs/HTTP/Access_control_CORS 要整篇翻译,我肯定吃不消,当然也没这个必要,下面就提要说一点吧,这个方法还存在兼容性问题,尽
网上看了很多博客和文档,感觉还是Mozilla大大写的最简单、最好懂,不过文字很长。。
https://developer.mozilla.org/en-US/docs/HTTP/Access_control_CORS
要整篇翻译,我肯定吃不消,当然也没这个必要,下面就提要说一点吧,这个方法还存在兼容性问题,尽管有相应的解决手段,但是觉得用起来不是特别爽。
Cross-site HTTP requests are HTTP requests for resources from a different domain than the domain of the resource making the request. For instance, a resource loaded from Domain A (http://domaina.example) such as an HTML web page, makes a request for a resource on Domain B (http://domainb.foo), such as an image, using the
imgelement (http://domainb.foo/image.jpg). This occurs very commonly on the web today — pages load a number of resources in a cross-site manner, including CSS stylesheets, images and scripts, and other resources.
跨站点的HTTP请求也就是从一个域名向另一个域名发送请求(POST,GET等),比如,从http://a.com向http://b.com请求一张图片(http://b.com/images.jpg),这种请求或者说这种现象是时有发生的,所以找到一个好方法来处理这类问题也是十分有必要的。
Mozilla大大说
如下,我们在http://foo.example向页面http://bar.example发送请求:
<span>var</span> invocation = <span>new</span><span> XMLHttpRequest();
</span><span>var</span> url = 'http://bar.other/resources/public-data/'<span>;
</span><span>function</span><span> callOtherDomain() {
</span><span>if</span><span>(invocation) {
invocation.open(</span>'GET', url, <span>true</span><span>);
invocation.onreadystatechange </span>=<span> handler;
invocation.send();
}
}</span>
可以看看服务器对浏览器的响应
GET /resources/public-data/ HTTP/1.1 <span>Host: bar.other User</span>-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1b3pre) Gecko/20081130 Minefield/3.1b3pre Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8<span> Accept</span>-Language: en-us,en;q=0.5<span> Accept</span>-<span>Encoding: gzip,deflate Accept</span>-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7<span> Connection: keep</span>-<span>alive Referer: http:</span><span>//</span><span>foo.example/examples/access-control/simpleXSInvocation.html </span> Origin: http:<span>//</span><span>foo.example </span> <span> HTTP</span>/1.1 200 OK Date: Mon, 01 Dec 2008 00:23:53<span> GMT Server: Apache</span>/2.0.61 <span>Access-Control-Allow-Origin: *</span><span> Keep</span>-Alive: timeout=2, max=100<span> Connection: Keep</span>-<span>Alive Transfer</span>-<span>Encoding: chunked Content</span>-Type: application/xml <span> [XML Data]</span>
这些都是关于HTTP的一些数据和参数,如果不太明白的话,可以看看这本书《HTTP权威指南》
前半截是FF3.5发送的文件头请求,后半截是服务器的响应。你应该注意到了我标红的那些字,这个就是本文要讲述的重点。
在请求之前,我们也可以自己设定一些服务器要响应的内容
<span>var</span> invocation = <span>new</span><span> XMLHttpRequest();
</span><span>var</span> url = 'http://bar.other/resources/post-here/'<span>;
</span><span>var</span> body = '<?xml version="1.0"?><person><name>Arun</name></person>'<span>;
</span><span>function</span><span> callOtherDomain(){
</span><span>if</span><span>(invocation)
{
invocation.open(</span>'POST', url, <span>true</span><span>);
<span>invocation.setRequestHeader(</span></span><span>'X-PINGOTHER', 'pingpong'</span><span><span>);</span>
<span>invocation.setRequestHeader(</span></span><span>'Content-Type', 'application/xml'</span><span><span>);</span>
invocation.onreadystatechange </span>=<span> handler;
invocation.send(body);
}
......</span>
setRequestHeader顾名思义就是设置请求头的一些参数。
上面说了半天也就是告诉大家一些服务器和客户端相关参数设置和解释,还没太涉及到跨域的东西。
Cross Domain [跨域]
这是我放到SAE上的一段代码(http://1.qianduannotes.sinaapp.com/test/ACAO.php)
<span>php
</span><span>header</span>("Access-Control-Allow-Origin: *"<span>);
</span><span>//</span><span>header("Access-Control-Allow-Origin: http://yourURL.com");</span>
<span>echo</span> "hello world"<span>;
</span>?>
如果我没加header("Access-Control-Allow-Origin: *")这句话,你通过ajax或者其他方式来请求这个数据是会报错的,不信就可以试试这个链接http://1.qianduannotes.sinaapp.com/test/ACAO_none.php
其中的“*”表示所有域都可以访问,如果将Access-Control-Allow-Origin设置为一个特定的URL,那这个文件就只能被特定URL以及他的子域(http://yoururl.com/sub/)访问。
Compatibility [兼容性]
| Show all versions | IE | Firefox | Chrome | Safari | Opera | iOS Safari | Opera Mini | Android Browser | Blackberry Browser |
|---|---|---|---|---|---|---|---|---|---|
| 2.1 | |||||||||
| 2.2 | |||||||||
| 3.2 | 2.3 | ||||||||
| 4.0-4.1 | 3.0 | ||||||||
| 8.0 | 24.0 | 4.2-4.3 | 4.0 | ||||||
| 9.0 | 19.0 | 25.0 | 5.1 | 5.0-5.1 | 4.1 | ||||
| Current | 10.0 | 20.0 | 26.0 | 6.0 | 12.1 | 6.0 | 5.0-7.0 | 4.2 | 7.0 |
| Near future | 21.0 | 27.0 | 10.0 | ||||||
| Farther future | 22.0 | 28.0 |
最明显的就是IE(8、9)的bug,可以通过XDomainRequest来解决。
<span>//</span><span> 1. Create XDR object </span>
<span>var</span> xdr = <span>new</span><span> XDomainRequest();
</span><span>//</span><span> 2. Open connection with server using GET method</span>
xdr.open("get", "http://www.contoso.com/xdr.aspx"<span>);
</span><span>//</span><span> 3. Send string data to server</span>
xdr.send();
下面附上一个MSDN上的DEMO
XDomainRequest From MSDN
<span><span>html</span><span>></span>
<span><span>script </span><span>type</span><span>="text/javascript"</span><span>></span>
<span>var</span><span> xdr;
</span><span>function</span><span> readdata()
{
</span><span>var</span><span> dRes </span><span>=</span><span> document.getElementById(</span><span>'</span><span>dResponse</span><span>'</span><span>);
dRes.innerText </span><span>=</span><span> xdr.responseText;
alert(</span><span>"</span><span>Content-type: </span><span>"</span> <span>+</span><span> xdr.contentType);
alert(</span><span>"</span><span>Length: </span><span>"</span> <span>+</span><span> xdr.responseText.length);
}
</span><span>function</span><span> err()
{
alert(</span><span>"</span><span>XDR onerror</span><span>"</span><span>);
}
</span><span>function</span><span> timeo()
{
alert(</span><span>"</span><span>XDR ontimeout</span><span>"</span><span>);
}
</span><span>function</span><span> loadd()
{
alert(</span><span>"</span><span>XDR onload</span><span>"</span><span>);
alert(</span><span>"</span><span>Got: </span><span>"</span> <span>+</span><span> xdr.responseText);
}
</span><span>function</span><span> progres()
{
alert(</span><span>"</span><span>XDR onprogress</span><span>"</span><span>);
alert(</span><span>"</span><span>Got: </span><span>"</span> <span>+</span><span> xdr.responseText);
}
</span><span>function</span><span> stopdata()
{
xdr.abort();
}
</span><span>function</span><span> mytest()
{
</span><span>var</span><span> url </span><span>=</span><span> document.getElementById(</span><span>'</span><span>tbURL</span><span>'</span><span>);
</span><span>var</span><span> timeout </span><span>=</span><span> document.getElementById(</span><span>'</span><span>tbTO</span><span>'</span><span>);
</span><span>if</span><span> (window.XDomainRequest)
{
xdr </span><span>=</span> <span>new</span><span> XDomainRequest();
</span><span>if</span><span> (xdr)
{
xdr.onerror </span><span>=</span><span> err;
xdr.ontimeout </span><span>=</span><span> timeo;
xdr.onprogress </span><span>=</span><span> progres;
xdr.onload </span><span>=</span><span> loadd;
xdr.timeout </span><span>=</span><span> tbTO.value;
xdr.open(</span><span>"</span><span>get</span><span>"</span><span>, tbURL.value);
xdr.send();
}
</span><span>else</span><span>
{
alert(</span><span>'</span><span>Failed to create</span><span>'</span><span>);
}
}
</span><span>else</span><span>
{
alert(</span><span>'</span><span>XDR doesn</span><span>'</span><span>t exist</span><span>'</span><span>);
}
}
<h2 id="XDomainRequest">XDomainRequest</h2>
<input type="text" id="tbURL" value="http://www.contoso.com/xdr.txt"></span></span></span>
Reference [参考资料]
1.Mozilla
2.MSDN
3.http://caniuse.com/
4.屈屈(关闭了页面,链接给忘了,^_^)
Explain the role of InnoDB redo logs and undo logs.Apr 15, 2025 am 12:16 AMInnoDB uses redologs and undologs to ensure data consistency and reliability. 1.redologs record data page modification to ensure crash recovery and transaction persistence. 2.undologs records the original data value and supports transaction rollback and MVCC.
What are the key metrics to look for in an EXPLAIN output (type, key, rows, Extra)?Apr 15, 2025 am 12:15 AMKey metrics for EXPLAIN commands include type, key, rows, and Extra. 1) The type reflects the access type of the query. The higher the value, the higher the efficiency, such as const is better than ALL. 2) The key displays the index used, and NULL indicates no index. 3) rows estimates the number of scanned rows, affecting query performance. 4) Extra provides additional information, such as Usingfilesort prompts that it needs to be optimized.
What is the Using temporary status in EXPLAIN and how to avoid it?Apr 15, 2025 am 12:14 AMUsingtemporary indicates that the need to create temporary tables in MySQL queries, which are commonly found in ORDERBY using DISTINCT, GROUPBY, or non-indexed columns. You can avoid the occurrence of indexes and rewrite queries and improve query performance. Specifically, when Usingtemporary appears in EXPLAIN output, it means that MySQL needs to create temporary tables to handle queries. This usually occurs when: 1) deduplication or grouping when using DISTINCT or GROUPBY; 2) sort when ORDERBY contains non-index columns; 3) use complex subquery or join operations. Optimization methods include: 1) ORDERBY and GROUPB
Describe the different SQL transaction isolation levels (Read Uncommitted, Read Committed, Repeatable Read, Serializable) and their implications in MySQL/InnoDB.Apr 15, 2025 am 12:11 AMMySQL/InnoDB supports four transaction isolation levels: ReadUncommitted, ReadCommitted, RepeatableRead and Serializable. 1.ReadUncommitted allows reading of uncommitted data, which may cause dirty reading. 2. ReadCommitted avoids dirty reading, but non-repeatable reading may occur. 3.RepeatableRead is the default level, avoiding dirty reading and non-repeatable reading, but phantom reading may occur. 4. Serializable avoids all concurrency problems but reduces concurrency. Choosing the appropriate isolation level requires balancing data consistency and performance requirements.
MySQL vs. Other Databases: Comparing the OptionsApr 15, 2025 am 12:08 AMMySQL is suitable for web applications and content management systems and is popular for its open source, high performance and ease of use. 1) Compared with PostgreSQL, MySQL performs better in simple queries and high concurrent read operations. 2) Compared with Oracle, MySQL is more popular among small and medium-sized enterprises because of its open source and low cost. 3) Compared with Microsoft SQL Server, MySQL is more suitable for cross-platform applications. 4) Unlike MongoDB, MySQL is more suitable for structured data and transaction processing.
How does MySQL index cardinality affect query performance?Apr 14, 2025 am 12:18 AMMySQL index cardinality has a significant impact on query performance: 1. High cardinality index can more effectively narrow the data range and improve query efficiency; 2. Low cardinality index may lead to full table scanning and reduce query performance; 3. In joint index, high cardinality sequences should be placed in front to optimize query.
MySQL: Resources and Tutorials for New UsersApr 14, 2025 am 12:16 AMThe MySQL learning path includes basic knowledge, core concepts, usage examples, and optimization techniques. 1) Understand basic concepts such as tables, rows, columns, and SQL queries. 2) Learn the definition, working principles and advantages of MySQL. 3) Master basic CRUD operations and advanced usage, such as indexes and stored procedures. 4) Familiar with common error debugging and performance optimization suggestions, such as rational use of indexes and optimization queries. Through these steps, you will have a full grasp of the use and optimization of MySQL.
Real-World MySQL: Examples and Use CasesApr 14, 2025 am 12:15 AMMySQL's real-world applications include basic database design and complex query optimization. 1) Basic usage: used to store and manage user data, such as inserting, querying, updating and deleting user information. 2) Advanced usage: Handle complex business logic, such as order and inventory management of e-commerce platforms. 3) Performance optimization: Improve performance by rationally using indexes, partition tables and query caches.
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
SublimeText3 Chinese version
Chinese version, very easy to use
SublimeText3 Mac version
God-level code editing software (SublimeText3)
SecLists
SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.
Dreamweaver Mac version
Visual web development tools
PhpStorm Mac version
The latest (2018.2.1) professional PHP integrated development tool
