开发者

Browser Same Origin Policy

开发者 https://www.devze.com 2023-02-04 10:02 出处:网络
We have application hosted \"xyz:8080/rootapp\" and cometd services hosted on \"xyz:9090/cometed\".The JavaScript loaded from cometd server needs to access the DOM/JavaScripts loaded from (xyz:8080),

We have application hosted "xyz:8080/rootapp" and cometd services hosted on "xyz:9090/cometed". The JavaScript loaded from cometd server needs to access the DOM/JavaScripts loaded from (xyz:8080), the browser's same origin policy is not allowing it.

To overcome it we set 'document.domain' as "xyz" eliminating port. This solution is working well but this is becoming problem to all the iframes loaded by "xyz:8080" and I need to change each and every iframe to use dom开发者_开发问答ain as "xyz".

Can someone provide me hints to solve this problem without changing each and every iframe?

Do we have any http header to set domain?


You can use CORS to specify an exception to same origin, this will work in any relatively modern browser.

This page has a fairly good intro and a list of compatible browsers.

The short version is put an Access-Control-Allow-Origin header into the responses from xyz:8080 that contains either xyz:9090 or * (for unrestricted access).

0

精彩评论

暂无评论...
验证码 换一张
取 消