


js sets document.domain to achieve cross-domain attention point analysis_javascript skills
The example of this article analyzes the points to note when setting document.domain in js to achieve cross-domain implementation. Share it with everyone for your reference. The specific analysis is as follows:
document.domain
Used to get the domain name of the current web page.
For example, enter in the address bar:
We can also assign a value to the document.domain attribute, but there are restrictions. You can only assign it to the current domain name or the basic domain name.
For example:
javascript:alert(document.domain = "www.jb51.net"); //www.jb51.net
The above assignments are all successful because www.jb51.net is the current domain name and jb51.net is the basic domain name.
But the following assignment will cause an "invalid parameter" error:
javascript:alert(document.domain = "www.jb51.net"); //Invalid parameter
Because cctv.net and www.jb51.net are not the current domain name nor the base domain name of the current domain name, errors will occur.
This is to prevent someone from maliciously modifying document.domain to steal data across domains.
Use document.domain to achieve cross-domain:
Prerequisite: These two domain names must belong to the same basic domain name! And the protocols and ports used must be consistent, otherwise document.domain cannot be used for cross-domain
Javascript prohibits two or more pages from different domains from interoperating for security reasons.
Pages from the same domain will interoperate without any problems.
For example, in a webpage (a.html) of aaa.com, a webpage (b.html) in bbb.com is introduced using iframe.
At this time, the content in b.html can be seen in a.html, but javascript cannot be used to operate it. Because the two pages belong to different domains, before operating, js will check whether the domains of the two pages are equal. If they are equal, the operation will be allowed. If they are not equal, the operation will be rejected.
It is impossible to change a.html and b.html to the same domain using JS. Because their base domain names are not equal. (If you force JS to change them into equal fields, the same "invalid parameter error" as above will be reported)
So if you introduce another webpage in aaa.com into a.html, there will be no problem because the domains are equal.
There is another situation, two subdomains:
aaa.xxx.com
bbb.xxx.com
A webpage (a.html) in aaa introduces a webpage (b.html) in bbb,
At this time, the content in b.html cannot be manipulated in a.html.
Because the document.domain is different, one is aaa.xxx.com and the other is bbb.xxx.com.
At this time, we can change the domain of the two pages to the same through Javascript,
Need to add in both a.html and b.html:
This way the two pages can operate with each other. That is to say, "cross-domain" between the same basic domain names is realized.
I hope this article will be helpful to everyone’s JavaScript programming design.

I built a functional multi-tenant SaaS application (an EdTech app) with your everyday tech tool and you can do the same. First, what’s a multi-tenant SaaS application? Multi-tenant SaaS applications let you serve multiple customers from a sing

This article demonstrates frontend integration with a backend secured by Permit, building a functional EdTech SaaS application using Next.js. The frontend fetches user permissions to control UI visibility and ensures API requests adhere to role-base

JavaScript is the core language of modern web development and is widely used for its diversity and flexibility. 1) Front-end development: build dynamic web pages and single-page applications through DOM operations and modern frameworks (such as React, Vue.js, Angular). 2) Server-side development: Node.js uses a non-blocking I/O model to handle high concurrency and real-time applications. 3) Mobile and desktop application development: cross-platform development is realized through ReactNative and Electron to improve development efficiency.

The latest trends in JavaScript include the rise of TypeScript, the popularity of modern frameworks and libraries, and the application of WebAssembly. Future prospects cover more powerful type systems, the development of server-side JavaScript, the expansion of artificial intelligence and machine learning, and the potential of IoT and edge computing.

JavaScript is the cornerstone of modern web development, and its main functions include event-driven programming, dynamic content generation and asynchronous programming. 1) Event-driven programming allows web pages to change dynamically according to user operations. 2) Dynamic content generation allows page content to be adjusted according to conditions. 3) Asynchronous programming ensures that the user interface is not blocked. JavaScript is widely used in web interaction, single-page application and server-side development, greatly improving the flexibility of user experience and cross-platform development.

Python is more suitable for data science and machine learning, while JavaScript is more suitable for front-end and full-stack development. 1. Python is known for its concise syntax and rich library ecosystem, and is suitable for data analysis and web development. 2. JavaScript is the core of front-end development. Node.js supports server-side programming and is suitable for full-stack development.

JavaScript does not require installation because it is already built into modern browsers. You just need a text editor and a browser to get started. 1) In the browser environment, run it by embedding the HTML file through tags. 2) In the Node.js environment, after downloading and installing Node.js, run the JavaScript file through the command line.

How to send task notifications in Quartz In advance When using the Quartz timer to schedule a task, the execution time of the task is set by the cron expression. Now...


Hot AI Tools

Undresser.AI Undress
AI-powered app for creating realistic nude photos

AI Clothes Remover
Online AI tool for removing clothes from photos.

Undress AI Tool
Undress images for free

Clothoff.io
AI clothes remover

AI Hentai Generator
Generate AI Hentai for free.

Hot Article

Hot Tools

PhpStorm Mac version
The latest (2018.2.1) professional PHP integrated development tool

ZendStudio 13.5.1 Mac
Powerful PHP integrated development environment

Atom editor mac version download
The most popular open source editor

SecLists
SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.

WebStorm Mac version
Useful JavaScript development tools