js sets document.domain to achieve cross-domain attention point analysis_javascript skills

The example of this article analyzes the points to note when setting document.domain in js to achieve cross-domain implementation. Share it with everyone for your reference. The specific analysis is as follows:

document.domain
Used to get the domain name of the current web page.
For example, enter in the address bar:

Copy code The code is as follows:

javascript:alert(document.domain); //www.jb51.net

We can also assign a value to the document.domain attribute, but there are restrictions. You can only assign it to the current domain name or the basic domain name.
For example:

Copy code The code is as follows:

javascript:alert(document.domain = "jb51.net"); //jb51 .net
javascript:alert(document.domain = "www.jb51.net"); //www.jb51.net

The above assignments are all successful because www.jb51.net is the current domain name and jb51.net is the basic domain name.

But the following assignment will cause an "invalid parameter" error:

Copy code The code is as follows:

javascript:alert(document.domain = "cctv.net"); //Parameters Invalid
javascript:alert(document.domain = "www.jb51.net"); //Invalid parameter

Because cctv.net and www.jb51.net are not the current domain name nor the base domain name of the current domain name, errors will occur.
This is to prevent someone from maliciously modifying document.domain to steal data across domains.

Use document.domain to achieve cross-domain:

Prerequisite: These two domain names must belong to the same basic domain name! And the protocols and ports used must be consistent, otherwise document.domain cannot be used for cross-domain

Javascript prohibits two or more pages from different domains from interoperating for security reasons.
Pages from the same domain will interoperate without any problems.

For example, in a webpage (a.html) of aaa.com, a webpage (b.html) in bbb.com is introduced using iframe.
At this time, the content in b.html can be seen in a.html, but javascript cannot be used to operate it. Because the two pages belong to different domains, before operating, js will check whether the domains of the two pages are equal. If they are equal, the operation will be allowed. If they are not equal, the operation will be rejected.
It is impossible to change a.html and b.html to the same domain using JS. Because their base domain names are not equal. (If you force JS to change them into equal fields, the same "invalid parameter error" as above will be reported)

So if you introduce another webpage in aaa.com into a.html, there will be no problem because the domains are equal.

There is another situation, two subdomains:

aaa.xxx.com
bbb.xxx.com

A webpage (a.html) in aaa introduces a webpage (b.html) in bbb,
At this time, the content in b.html cannot be manipulated in a.html.
Because the document.domain is different, one is aaa.xxx.com and the other is bbb.xxx.com.

At this time, we can change the domain of the two pages to the same through Javascript,
Need to add in both a.html and b.html:

Copy code The code is as follows:

document.domain = "xxx.com";

This way the two pages can operate with each other. That is to say, "cross-domain" between the same basic domain names is realized.

I hope this article will be helpful to everyone’s JavaScript programming design.