Detailed explanation of JS origin policy + cross-domain access usage

php中世界最好的语言
2018-04-20 13:35:54

This article explains the JS same-origin policy in detail, how it applies to cross-domain access, and the precautions to take when using it. A practical case follows.

1. What is the same-origin policy

To understand cross-domain access, you must first understand the same-origin policy. The same-origin policy is a very important security policy implemented in browsers.

What is the same origin:

A URL consists of a protocol, domain name, port and path. If the protocol, domain name and port of two URLs are the same, the two URLs have the same origin.
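The comparison defined above, as an added example (not code from the original article): it reduces each URL to protocol, host and effective port and reports which part differs. The function names and the example.com URLs are assumptions made for illustration, and only http/https URLs are handled.

```javascript
// Default ports: a URL that omits the port uses the default for its protocol.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Reduce a URL to the three parts that define its origin (the path is ignored).
function originTuple(urlString) {
  const u = new URL(urlString); // throws TypeError on an unparseable URL
  if (!(u.protocol in DEFAULT_PORTS)) {
    throw new Error("only http/https URLs are handled in this example");
  }
  return {
    protocol: u.protocol,                       // e.g. "https:"
    host: u.hostname,                           // the URL parser lowercases the host
    port: u.port || DEFAULT_PORTS[u.protocol],  // effective port
  };
}

// Return { sameOrigin, differs }, where differs lists the mismatching parts.
function compareOrigins(a, b) {
  const x = originTuple(a);
  const y = originTuple(b);
  const differs = ["protocol", "host", "port"].filter((k) => x[k] !== y[k]);
  return { sameOrigin: differs.length === 0, differs };
}

// Constructed sample URLs (example.com is a reserved documentation domain).
const base = "http://www.example.com/dir/page.html";
const samples = [
  "http://www.example.com/other/app.js",       // only the path differs
  "http://WWW.EXAMPLE.COM:80/dir/x.html",      // explicit default port, host case
  "https://www.example.com/dir/page.html",     // protocol, hence default port too
  "http://www.example.com:8080/dir/page.html", // port
  "http://api.example.com/dir/page.html",      // host (a subdomain is another host)
];

for (const s of samples) {
  const r = compareOrigins(base, s);
  const verdict = r.sameOrigin ? "same origin" : "different: " + r.differs.join(", ");
  console.log(s + " -> " + verdict);
}
```
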

Same origin policy:

The browser's same-origin policy restricts "documents" or scripts from different origins from reading or setting certain attributes of the current "document". (White Hat Talks About Web Security [1])

Scripts loaded from one domain are not allowed to access document attributes of another domain.

For example:

A malicious website page embeds a bank's login page through an iframe (the two have different origins). Without the same-origin restriction, the JavaScript on the malicious page could obtain the username and password when the user logs in to the bank.

In the browser, tags such as