How can $.ajax be accessed across domains?

request directly
clipboard.png


clipboard.png

jsonp

clipboard.png

clipboard.png

clipboard.png
200

clipboard.png

what should I do now? How do I request this api? without a response header on the server

Mar.06,2021

browsers do not support cross-domain. After using jsonp, in ajax requests, you have to do processing on the server side.
add header information on the server side,

header('Access-Control-Allow-Origin: *'); //
header("Access-Control-Allow-Headers: token,Origin, X-Requested-With, Content-Type, Accept"); //content-type
header('Access-Control-Allow-Methods: POST,GET'); //

the answer above is cors mode cross-domain
subject has the result but no data because the jsonp method requires that the object object of js be returned instead of json
these are two different ways


add that jsonp is actually closer to js in cross-domain principle. It requires the server to return a piece of js code with object, and then take advantage of the feature in the js tag that src does not have cross-domain restrictions by default (exactly, there is no cross-domain restrictions if the web page is not configured with csp, but at the same time at the expense of some security), load it with src, so you can get the data in object. At the same time, because js.object,jQ, which is in the same line as json, makes the code look like it is loading json. (what the heck)

CORS requires the server to return with a CORS header indicating the domain that allows cross-domain access (of course, you can also use the wildcard * to save trouble). However, I personally think that if the domain has the ability to control the backend, it is a better choice to configure a forwarding proxy, because there is no cross-domain problem in the frontend. The forwarding proxy can be done with Nginx, and it is possible to set URL forwarding in domain name resolution. (recently discovered, Wanwang has URL explicit / implicit forwarding, but it has not been tried yet).


use an agent tool like charles.


Cross-domain jsonp or Access-Control-Allow-Origin requires server support


the cross-domain setting of chrome after version 49
chrome has been upgraded to 49, and the cross-domain setting is stricter than before. After adding-- disable-web-security to the open command, you also need to give a new directory of the user's personal information. As we all know, chrome is a browser that needs to log in with a gmail address. After logging in, it will generate a directory to store personal information and save users' favorites, history and other personal information. After version 49, if you set the chrome browser to support cross-domain mode, you need to specify a directory of personal information instead of using the default directory. It is estimated that chrome browsers are afraid that users should not use cross-domain mode to disclose their personal information (mainly because the login token information of many cookie, websites is stored in cookie).

the specific method is:

1. Create a new directory on your computer, for example: C:MyChromeDevUserData

2. Add the value of-- disable-web-security-- user-data-dir=C:MyChromeDevUserData,--user-data-dir to the target input box on the property page, which is the directory you just created.

3. Click apply and OK to close the properties page and open the chrome browser.

Open chrome, again and find a prompt related to "--disable-web-security", indicating that chrome can work properly across domains again.

MySQL Query : SELECT * FROM `codeshelper`.`v9_news` WHERE status=99 AND catid='6' ORDER BY rand() LIMIT 5
MySQL Error : Disk full (/tmp/#sql-temptable-64f5-1eafc4f-2285.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
MySQL Errno : 1021
Message : Disk full (/tmp/#sql-temptable-64f5-1eafc4f-2285.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
Need Help?