Home  >  Article  >  Web Front-end  >  Detailed explanation of JS origin and cross-domain access implementation

Detailed explanation of JS origin and cross-domain access implementation

php中世界最好的语言
php中世界最好的语言Original
2018-06-11 15:21:321092browse

This time I will bring you a detailed explanation of the implementation of JS same-origin and cross-domain access. What are the precautions for the implementation of JS homology and cross-domain access? The following is a practical case, let’s take a look.

1. What is the same-origin policy

#To understand cross-domain, you must first understand the same-origin policy. The Same Origin Policy is a very important security policy implemented on browsers for security reasons.

What is the same origin:

URL consists of protocol, domain name, port and path. If the protocol, domain name and port of two URLs are the same, it means that they have the same origin. .

Same origin policy:

The browser's same origin policy restricts "documents" or scripts from different sources from reading or setting the current "document" certain attributes. (White hat talks about web security [1])

Scripts loaded from one domain are not allowed to access document attributes of another domain.

For example:

For example, a malicious website page embeds a bank’s login page through an iframe (the two are from different sources). If there is no same-origin restriction, the javascript script on the malicious webpage will The username and password can be obtained when the user logs into the bank.

In the browser, tags such as