Web When the front and back ends of the project are separated for development , Cross domain requests and cross domain portability are often encountered Cookie Related issues :

Cross domain request

The server can modify the following settings according to the actual needs , with Java Code as an example :
// Allow cross domain domain names ,* Number is allow all , Existing by DDoS Possibility of attack . getResponse().setHeader(
"Access-Control-Allow-Origin","*"); // Indicates all header information fields supported by the server getResponse().setHeader(
"Access-Control-Allow-Headers", "Origin, No-Cache, X-Requested-With,
If-Modified-Since, Pragma,Last-Modified, Cache-Control, Expires, Content-Type,
X-E4M-With,userId,token"); /** Currently, it is tested to be compatible with all request modes , above 2 Required **/
// If you need to Cookie Send to server , Need to specify Access-Control-Allow-Credentials Field is true;
getResponse().setHeader("Access-Control-Allow-Credentials", "true"); // First field
Access-Control-Allow-Methods Indicates that the server allows clients to use POST, GET and OPTIONS Method initiate request . // This field is associated with
HTTP/1.1 Allow: response header similar , But only for scenarios requiring access control . getResponse().setHeader(
"Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE"); // Indicates that the effective time of the response is
86400 second , that is 24 hour . Within the effective time , The browser does not need to initiate another pre check request for the same request .
// Please note that , The browser itself maintains a maximum effective time , If the value of the first field exceeds the maximum effective time , Will not take effect . getResponse().setHeader(
"Access-Control-Max-Age", "86400"); // IE8 introduce XDomainRequest Cross station data acquisition function , That is to say, for compatibility IE
getResponse().setHeader("XDomainRequestAllowed","1");
Cross domain request carrying Cookie

The server can modify the following settings according to the actual needs , with Java Code as an example :
// If you need to Cookie Send to server , Need to specify Access-Control-Allow-Credentials Field is true;
response.setHeader("Access-Control-Allow-Credentials", "true");
// Allow cross domain domain names ,* Number is allow all , Existing by DDoS Possibility of attack . response.setHeader(
"Access-Control-Allow-Origin",request.getHeader("Origin")); // Indicates the header information fields supported by the server
response.setHeader("Access-Control-Allow-Headers","content-type");
The front end modifies the requested ajax, Example :
$.ajax({ type: "POST", url: " Actual request address ", data: { parameter : Parameter value }, dataType: "json",
crossDomain:true, // Set cross domain as true xhrFields: { withCredentials: true
// By default , Standard cross domain requests are not sent cookie Of }, success: function(data){ alert(" Request succeeded "); } });
There are also agents ,jsonp I won't introduce you in any other way

notes : For self study only , Record questions and references , Please forgive me for any misunderstanding and inconvenience , Mutual encouragement !

Technology
©2019-2020 Toolsou All rights reserved,
JQ get request Splicing url parameter ( query criteria ) Programmer and architect Hua Shan ( Essence )2020 year 7 month 21 day ASP.NET Core Use of global filters Vue el-select obtain label value css Basics 2:flex Multi row layout with gaps Maximum security risk of cloud computing : Unclear safety responsibility fio Use details vue Value transfer between parent-child and non parent-child components C#/.NET System optimization (redis Chapter 6 data structure 【List】)( Essence )2020 year 8 month 13 day C# Basic knowledge windform Realize two color sphere