Ajax cross-domain cookie related settings
In web programming, we often encounter cross-domain issues. By default, browsers do not allow cross-domain access. Therefore, there is a concept here: CORS (Cross-Origin Resource Sharing).
Before the HTML5 standard came out, CORS was not allowed. However, in order to achieve the purpose of cross-domain access to resources, many troublesome methods emerged: jsonp, proxy files, address bar hash, etc. With the emergence of HTML5, CORS solved a big problem for us.
CORS is widely used. Recently, CORS is also used when doing SSO. For a detailed introduction to CORS, you can refer to the article "Detailed Explanation of Cross-Domain Resource Sharing CORS" by Mr. Ruan Yifeng . Here we only introduce the following two situations.
Ajax cross-domain simple access
To achieve cross-domain access, we must first understand that the most important point of CORS to achieve cross-domain access is to set the Access-Control-Allow-Origin parameter.
If I have two sites
www.onmpw.com
www.jiyibk.com
I access jiyibk via ajax on my onmpw site.
$.ajax({
url:'http://www.jiyibk.com/index.php',
dataType:'json',
type:'post',
data:{id:1},
success:function(data){
console.log(data);
},
error:function(err){
console.log(err);
}
})
If we do not make any settings, a prompt will appear prohibiting cross-domain access
To solve this problem, we need to use the Origin parameter in the http request header.
The Origin parameter represents the source site. Therefore, we only need to set Access-Control-Allow-Origin on the jiyibk server, and the allowed website is the Origin option value in the request header.
<?php
header("Access-Control-Allow-Origin:".$_SERVER[‘HTTP_ORIGIN’]);
You only need to set up the server, and you can achieve cross-domain access without any other settings on the client. However, the above settings only allow cross-domain access, and cookies cannot be set or read across domains. Next, we will set up cross-domain cookies.
Ajax cross-domain cookie settings
We have implemented ajax cross-domain access above, but we still cannot set cookies. To set cross-domain cookies, we also need to set another important parameter of CORS, Access-Control-Allow-Credentials.
Different from the above settings, this item is not only set on the server, but also needs to be set on the client.
The client is as follows:
$.ajax({
url:'http://www.jiyibk.com/index.php',
xhrFields: {withCredentials: true},
dataType:'json',
type:'post',
data:{id:1},
success:function(data){
console.log(data);
},
error:function(err){
console.log(err);
}
})
The ajax setting through jQuery is relatively simple. Just add xhrFields: {withCredentials: true}, and the client can be said to be set up.
Next is on the jiyibk server:
<?php
header("Access-Control-Allow-Origin:". $_SERVER[‘HTTP_ORIGIN’]);
header("Access-Control-Allow-Credentials: true ");
After the above settings, you can set cookies across domains.
CORS provides great convenience for us to develop web applications. This article only briefly introduces the problem of setting cookies across domains via ajax. There are still other in-depth things to be explored. In short, I hope this article can help you.
For reprinting, please send an email to 1244347461@qq.com for approval. After obtaining the author's consent, kindly include the source as a link.
Related Articles
Which technology do you choose to implement the web chat room?
Publish Date:2025/03/18 Views:61 Category:NETWORK
-
With the rise of HTML5 Websockets, web chat applications are becoming more and more popular. Recently, I am working on a mobile web application, the core function of which is to implement web chat on the mobile phone. Of course, the functio
Implementing a group chat room using socket.io
Publish Date:2025/03/18 Views:65 Category:NETWORK
-
This article will share with you an example of using socket.io to realize the function of group chat. If you want to use socket.io, you must use nodejs to implement the server, so we need to install socket.io in nodejs Install socket.io How
PHP+ajax to achieve cross-domain single sign-on
Publish Date:2025/03/16 Views:145 Category:NETWORK
-
We have previously introduced the principle of cross-domain single sign-on in "Detailed explanation of the implementation methods of three situations of SSO single sign-on" . Here we will introduce how to implement single sign-on using PHP
IE's Ajax cross-domain issue
Publish Date:2025/03/16 Views:190 Category:NETWORK
-
Ajax is widely used in web systems, but cross-domain issues are often encountered in web systems. By default, browsers prohibit Ajax cross-domain access. The IE browser has particularly strict restrictions. For browsers such as Firefox, Goo
How to fix cross-origin (CORS) issues in Angular
Publish Date:2025/03/17 Views:192 Category:NETWORK
-
When we use a backend server for our Angular application during development, when trying to request resources from the API, we may encounter some cross-origin (CORS) restrictions that prevent us from accessing data from the API.
How to avoid cross-origin (CORS) issues in React/Next.js
Publish Date:2025/03/17 Views:166 Category:NETWORK
-
In this article, we will introduce how to avoid cross-origin (CORS) issues in React/Next.js. Cross-origin resource sharing (CORS) is a protocol that defines how web requests should be handled when crossing different URLs.
How to use cookies or localstorage for data persistence in Vue
Publish Date:2025/03/01 Views:85 Category:Vue
-
In Vue, we usually need to persist data so that the data state can be retained after the user refreshes the page or closes the browser. Common implementation methods include using cookies and localstorage. Using cookies Cookies are a simple
jQuery 中的 $.Ajax 数据类型
Publish Date:2024/03/24 Views:135 Category:JavaScript
-
本教程演示了在 jQuery 中使用 $.ajax 数据类型。
在 jQuery 中处理 $.ajax 失败
Publish Date:2024/03/24 Views:158 Category:JavaScript
-
在今天的文章中,我们将学习在 jQuery 中处理 AJAX 中的失败请求。
