Home >Web Front-end >JS Tutorial >Analyzing jsonp cross-domain access from both front-end and back-end perspectives
Extensions to verify legality in php5. In PHP5.2, legality can be verified through the built-in extension filter.
1. What is cross-domain access
For example: In website A, we hope to use Ajax to obtain specific content in website B. If website A and website B are not in the same domain, then there will be a cross-domain access problem. You can understand that two domain names cannot send requests or request data across domain names, otherwise it will be unsafe. Cross-domain access violates the same origin policy. For detailed information on the same origin policy, you can click on the following link: Same-origin_policy;
In short, the same origin policy stipulates that the browser's ajax can only access the same HTML page as its Source (same domain name or IP) resources. 2. What is JSONPJSONP (JSON with Padding) is a "usage mode" of JSON that can be used to solve the problem of cross-domain data access by mainstream browsers.Due to the same-origin policy, generally speaking, web pages located at server1.example.com cannot communicate with servers other than server1.example.com, and HTML's
3f1c4e4b6b16bbbd69b2ee476dc4f83a Elements are an exception. Using this open strategy of the
3f1c4e4b6b16bbbd69b2ee476dc4f83a element, web pages can obtain JSON data dynamically generated from other sources, and this usage pattern is the so-called JSONP. The data captured with JSONP is not JSON, but arbitrary JavaScript, which is executed with a JavaScript interpreter instead of parsed with a JSON parser. More specific principles require more space to explain, and you can go to Baidu by yourself.
$.ajax({ type:"GET", url:"http://www.deardull.com:9090/getMySeat", //访问的链接 dataType:"jsonp", //数据格式设置为jsonp jsonp:"callback", //Jquery生成验证参数的名称 success:function(data){ //成功的回调函数 alert(data); }, error: function (e) { alert("error"); } });What needs to be noted is:
When Jquery sends an Ajax jsonp request, it will automatically add a verification parameter after the access link. This parameter is randomly generated by Jquery, such as the link
http ://www.deardull.com:9090/getMySeat?callback=jQuery31106628680598769732_1512186387045&_=1512186387046
, parameter
callback=jQuery31106628680598769732_15121863 87045&_=1512186387046 is automatically added by jquery.
The purpose of adding this parameter is to uniquely identify this request. When the server receives the request, it needs to construct the value of the parameter with the actual json value to be returned (how to construct it is explained below) and return it, and the front end will verify this parameter. If it is the parameter it sent before, then The data will be received and parsed. If it is not this parameter, then it will be rejected.
What needs special attention is the name of this verification parameter (I wasted 2 hours on this pit). This name comes from the value of the front-end
jsonp parameter. If the value of the front-end jsonp parameter is changed to "aaa", then the corresponding parameter should be aaa=jQuery311106628680598769732_1512186387045&_=1512186387046
In order to cooperate with json, what the server needs to do can be summarized into two steps:
@ResponseBody @RequestMapping("/getJsonp") public String getMySeatSuccess(@RequestParam("callback") String callback){The second step is to construct parameters and return Combine the received verification parameter callback with the actual json data to be returned Constructed according to the "callback(json)" method:
@ResponseBody @RequestMapping("/getMySeat") public String getMySeatSuccess(@RequestParam("callback") String callback){ Gson gson=new Gson(); //google的一个json工具库 Map<String,String> map=new HashMap<>(); map.put("seat","1_2_06_12"); return callback+"("+gson.toJson(map)+")"; //构造返回值 }IV. SummaryFinally, the corresponding code for the front and back ends should be like this:
Front end
$.ajax({ type:"GET", url:"http://www.deardull.com:9090/getMySeat", //访问的链接 dataType:"jsonp", //数据格式设置为jsonp jsonp:"callback", //Jquery生成验证参数的名称 success:function(data){ //成功的回调函数 alert(data); }, error: function (e) { alert("error"); } });
Backend
@ResponseBody @RequestMapping("/getMySeat") public String getMySeatSuccess(@RequestParam("callback") String callback){ Gson gson=new Gson(); Map<String,String> map=new HashMap<>(); map.put("seat","1_2_06_12"); logger.info(callback); return callback+"("+gson.toJson(map)+")"; }It should be noted that:
As an example: In website A, we hope to use Ajax to obtain specific content in website B. If website A and website B are not in the same domain, then there will be a cross-domain access problem. You can understand that two domain names cannot send requests or request data across domain names, otherwise it will be unsafe. Cross-domain access violates the same-origin policy. For detailed information on the same-origin policy, you can click on the following link: Same-origin_policy; Domain name or IP) resources.
JSONP (JSON with Padding) is a "usage mode" of JSON that can be used to solve the problem of cross-domain data access by mainstream browsers.Due to the same-origin policy, generally speaking, web pages located at server1.example.com cannot communicate with servers other than server1.example.com, and HTML's
3f1c4e4b6b16bbbd69b2ee476dc4f83a Elements are an exception. Using this open strategy of the
3f1c4e4b6b16bbbd69b2ee476dc4f83a element, web pages can obtain JSON data dynamically generated from other sources, and this usage pattern is the so-called JSONP. The data captured with JSONP is not JSON, but arbitrary JavaScript, which is executed with a JavaScript interpreter instead of parsed with a JSON parser. More specific principles require more space to explain, and you can go to Baidu by yourself.
$.ajax({ type:"GET", url:"http://www.deardull.com:9090/getMySeat", //访问的链接 dataType:"jsonp", //数据格式设置为jsonp jsonp:"callback", //Jquery生成验证参数的名称 success:function(data){ //成功的回调函数 alert(data); }, error: function (e) { alert("error"); } });What needs to be noted is:
When Jquery sends an Ajax jsonp request, it will automatically add a verification parameter after the access link. This parameter is randomly generated by Jquery, such as the link
http ://www.deardull.com:9090/getMySeat?callback=jQuery31106628680598769732_1512186387045&_=1512186387046
, parameter
callback=jQuery31106628680598769732_15121863 87045&_=1512186387046 is automatically added by jquery.
The purpose of adding this parameter is to uniquely identify this request. When the server receives the request, it needs to construct the value of the parameter with the actual json value to be returned (how to construct it is explained below) and return it, and the front end will verify this parameter. If it is the parameter it sent before, then The data will be received and parsed. If it is not this parameter, then it will be rejected.
What needs special attention is the name of this verification parameter (I wasted 2 hours on this pit). This name comes from the value of the front-end
jsonp parameter. If the value of the front-end jsonp parameter is changed to "aaa", then the corresponding parameter should be aaa=jQuery311106628680598769732_1512186387045&_=1512186387046
In order to cooperate with json, what the server needs to do can be summarized into two steps:
@ResponseBody @RequestMapping("/getJsonp") public String getMySeatSuccess(@RequestParam("callback") String callback){The second step is to construct parameters and return Combine the received verification parameter callback with the actual json data to be returned Constructed according to the "callback(json)" method:
@ResponseBody @RequestMapping("/getMySeat") public String getMySeatSuccess(@RequestParam("callback") String callback){ Gson gson=new Gson(); //google的一个json工具库 Map<String,String> map=new HashMap<>(); map.put("seat","1_2_06_12"); return callback+"("+gson.toJson(map)+")"; //构造返回值 }IV. SummaryFinally, the corresponding code for the front and back ends should be like this:
Front end
$.ajax({ type:"GET", url:"http://www.deardull.com:9090/getMySeat", //访问的链接 dataType:"jsonp", //数据格式设置为jsonp jsonp:"callback", //Jquery生成验证参数的名称 success:function(data){ //成功的回调函数 alert(data); }, error: function (e) { alert("error"); } });
Backend
@ResponseBody @RequestMapping("/getMySeat") public String getMySeatSuccess(@RequestParam("callback") String callback){ Gson gson=new Gson(); Map<String,String> map=new HashMap<>(); map.put("seat","1_2_06_12"); logger.info(callback); return callback+"("+gson.toJson(map)+")"; }It should be noted that:
The above is the detailed content of Analyzing jsonp cross-domain access from both front-end and back-end perspectives. For more information, please follow other related articles on the PHP Chinese website!