Two effective solutions for cross-domain AJAX access

  • 2020-06-15 07:58:18
  • OfStack

The new W3C specification enables cross-domain HTTP access, and it took me a long time to find the information needed to solve this problem:
Just add Access-Control-Allow-Origin to the header information returned from the servlet.
For example, if I want to open up all my local cross-domain access, I set response.setHeader("Access-Control-Allow-Origin", "http://127.0.0.1/*");
This allows an AJAX request from my local project A to reach, across domains, the servlet of project B.
The code is as follows:
HTML JS ajax request:

/* Create a new XMLHttpRequest object to talk to the Web server */
var xmlHttp = false;
/*@cc_on @*/
/*@if (@_jscript_version >= 5)
try {
    xmlHttp = new ActiveXObject("Msxml2.XMLHTTP");
} catch (e) {
    try {
        xmlHttp = new ActiveXObject("Microsoft.XMLHTTP");
    } catch (e2) {
        xmlHttp = false;
    }
}
@end @*/
if (!xmlHttp && typeof XMLHttpRequest != 'undefined') {
    xmlHttp = new XMLHttpRequest();
}
var url = "http://127.0.0.1:2012/esb/servlet/HttpClient?randomType=MIX";
xmlHttp.open("GET", url, true);
// Set up a function to run when the server's response is complete
xmlHttp.onreadystatechange = function () {
    if (xmlHttp.readyState == 4) {
        var response = xmlHttp.responseText;
        alert(response);
    }
};
// Send the request
xmlHttp.send(null);

servlet code:

protected void service(HttpServletRequest req, HttpServletResponse resp)
        throws ServletException, java.io.IOException {
    Object obj = "test"; // sample payload, same value as in the second servlet
    resp.setHeader("Pragma", "no-cache");
    resp.setHeader("Cache-Control", "no-cache");
    // The following line is the key.
    // Browsers compare this value with the request's Origin header as an exact
    // string (or accept a bare "*"); a path or "/*" suffix is not a pattern.
    resp.setHeader("Access-Control-Allow-Origin", "http://127.0.0.1/*");
    resp.setDateHeader("Expires", 0);
    ServletOutputStream sos = resp.getOutputStream();
    try {
        sos.write(obj.toString().getBytes("GBK"));
    } catch (Exception e) {
        System.out.println(e.toString());
    } finally {
        try {
            sos.close();
        } catch (Exception e) {
            LOG.error(e); // LOG: the servlet's logger field, not shown on the page
        }
    }
}

The code tested OK locally; two days later, I put the servlet on the server and then tested it from my local machine.
The above approach solves the problem perfectly, but the article it came from also says that there may be security issues, and it is still a question whether the new standard is supported everywhere. So we can apply another trick to achieve the same effect: there is no cross-domain restriction on loading JS scripts, so if our server's servlet returns a JS script, that is fine. In the JS of project A we can point the src of a script element at the servlet of project B and then pass the data through the JS script that the servlet outputs. Based on this idea, I tested the following code:
JS code of the page:

function loadAjax() {
    var id = "testesbscript";
    var oScript = document.getElementById(id);
    var head = document.getElementsByTagName("head").item(0);
    // Remove the script element left over from a previous call
    if (oScript) {
        head.removeChild(oScript);
    }
    oScript = document.createElement("script");
    var url = "http://127.0.0.1:2012/esb/servlet/HttpClient?randomType=MIX&success=justHandle";
    oScript.setAttribute("id", id);
    oScript.setAttribute("type", "text/javascript");
    oScript.setAttribute("language", "javascript");
    // Point the script element at the servlet so the browser loads and runs its output
    oScript.setAttribute("src", url);
    head.appendChild(oScript);
}
// justHandle is the callback function; the script returned by the servlet calls it through eval.
function justHandle(dd) {
    alert(dd);
}

servlet code:

protected void service(HttpServletRequest req, HttpServletResponse resp)
        throws ServletException, java.io.IOException {

    Object obj = "test";
    ServletOutputStream sos = resp.getOutputStream();
    StringBuffer sb = new StringBuffer();
    resp.setCharacterEncoding("GBK");

    resp.setHeader("Charset", "GBK");
    resp.setContentType("charset=GBK");
    // The following line declares the response to be a JavaScript file
    resp.setContentType("text/javascript");

    // paramMap: the request-parameter map of the author's servlet, not shown on the page.
    // The "success" value goes into executable script as-is, so it should be
    // restricted to a plain function name before this is used outside a test.
    sb.append("eval(\"" + paramMap.get("success") + "(\'" + obj.toString() + "\')\")");
    try {
        // character_encoding: a field of the author's servlet, not shown on the page
        sos.write(sb.toString().getBytes(this.character_encoding));
    } catch (Exception e) {
        System.out.println(e.toString());
    } finally {
        try {
            sos.close();
        } catch (Exception e) {
            System.out.println(e.toString());
        }
    }
}
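
The server-side checks that both approaches above depend on, as an added example that is not part of the original article: an exact-match origin allowlist for Access-Control-Allow-Origin, and validation of the success callback name before it is written into script. It is written in JavaScript to match the page's client code; ALLOWED_ORIGINS, corsHeaders and jsonpBody are hypothetical names, and the listed origins are constructed values.

```javascript
// Added example, not the article's code. All names here are assumptions.
const ALLOWED_ORIGINS = new Set([
  "http://127.0.0.1",      // constructed: project A on the default port
  "http://127.0.0.1:8080", // constructed: project A on a dev port
]);

// Approach 1 (CORS): echo the request's Origin only when it is on the
// allowlist as a whole string (scheme, host and port). Anything else gets
// no header, so the browser refuses the cross-origin read.
function corsHeaders(requestOrigin) {
  if (typeof requestOrigin !== "string" || !ALLOWED_ORIGINS.has(requestOrigin)) {
    return {};
  }
  return {
    "Access-Control-Allow-Origin": requestOrigin,
    "Vary": "Origin", // caches must not reuse the response for another origin
  };
}

// Approach 2 (script tag): the "success" parameter becomes executable
// JavaScript in the calling page, so accept only a plain identifier.
const CALLBACK_RE = /^[A-Za-z_$][A-Za-z0-9_$]{0,63}$/;

// Returns the script body, or null when the callback name is rejected
// (the server would then send an error status instead of any script).
function jsonpBody(callback, data) {
  if (typeof callback !== "string" || !CALLBACK_RE.test(callback)) {
    return null;
  }
  // JSON.stringify quotes and escapes the payload; the replacements cover
  // characters that could close a script block or break a JS line.
  const json = JSON.stringify(data)
    .replace(/</g, "\\u003c")
    .replace(/\u2028/g, "\\u2028")
    .replace(/\u2029/g, "\\u2029");
  // A direct call is emitted, so no eval wrapper is needed.
  return callback + "(" + json + ");";
}
```

The same two checks carry over to the servlet's service() method: the first before setHeader is called, the second before the script body is written.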

