Cross-domain problem under front-end and back-end separation architecture
In a front-end and back-end separation architecture you will inevitably run into cross-domain problems, yet many people do not understand cross-domain very well. Here I will go through the problem in detail.

Same-origin policy and cross-domain

Cross-domain, also called cross-origin, is a term from the field of web security. Put simply, it means an operation crosses the boundary of one domain name and reaches another domain name.

If scripts could freely access other domains, many security problems would follow.

For example, suppose there is an online banking system that you are logged in to, and it exposes an Ajax API for transferring money. Separately, there is a very popular forum that contains a malicious script. That script calls the bank's Ajax API to transfer 1000 yuan from the currently logged-in user's account to the attacker's account. If you visit the forum while logged in to the bank, 1000 yuan is transferred away and you know nothing about it!

Cross-domain requests carry many other hazards as well. This is not an article about security, so I will not go into them here; if you want to know more, you can buy a copy of "Web Front-end Hacking Technology Tips" by Cosine.

To prevent cross-domain attacks, all modern browsers enforce a same-origin policy. According to the definition on MDN, two pages have the same origin if the protocol, port (if specified) and host are the same for both pages. Apart from a few embedding operations such as img src, script requests (XMLHttpRequest, fetch) that violate the same-origin policy are blocked by the browser. Note precisely what is blocked: the script is prevented from reading the cross-origin response. For a request that only needs to arrive to do damage, such as the transfer above, the same-origin policy on its own is not sufficient; the bank's server must also protect itself, for example with a CSRF token or by checking the Origin header.

It should be noted that same-origin requires not only the same domain name or IP, but also the same protocol and the same port. See for example blogs.com/mashch/articles/4261448.html.
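As an added example, not code from the original article, the following JavaScript applies the rule quoted from MDN to pairs of URLs: it reduces each URL to scheme, host and port (filling in the scheme's default port when it is omitted) and compares them component by component. It runs under Node.js or in a browser console. The hosts in the test pairs are constructed for illustration, and `originOf`, `isSameOrigin` and `checkCases` are names chosen here, not browser APIs.

```javascript
// Added example, not from the original article: apply the same-origin rule
// (same scheme, same host, same port) to two URLs using the WHATWG URL
// parser that Node.js and every modern browser provide.

// Default ports per scheme. "http://a.com" and "http://a.com:80" are the
// same origin: the parser leaves the default port empty, so we fill it in.
const DEFAULT_PORTS = { 'http:': '80', 'https:': '443', 'ws:': '80', 'wss:': '443' };

// Reduce a URL to the three components the same-origin policy compares.
// Path, query and fragment are deliberately ignored: they never affect origin.
function originOf(urlString) {
  const u = new URL(urlString);
  return {
    scheme: u.protocol,                              // already lower-cased by the parser
    host: u.hostname,                                // already lower-cased; no user info
    port: u.port || DEFAULT_PORTS[u.protocol] || '', // '' means the scheme has no default
  };
}

// Exact, component-by-component comparison. Never compare by prefix or
// substring ("does the URL start with https://bank.example"): that is how
// "https://bank.example.attacker.test" slips past an origin check.
function isSameOrigin(urlA, urlB) {
  const a = originOf(urlA);
  const b = originOf(urlB);
  return a.scheme === b.scheme && a.host === b.host && a.port === b.port;
}

// Constructed pairs (hypothetical hosts) covering the cases the article
// warns about: different protocol, different port, different subdomain,
// plus look-alikes that are in fact the same origin.
const CASES = [
  ['http://www.example.com/dir/page.html', 'http://www.example.com/dir2/other.html', true,  'only the path differs'],
  ['http://www.example.com/',              'http://www.example.com:80/',              true,  'explicit default port'],
  ['http://www.example.com/',              'http://WWW.EXAMPLE.COM/#frag',            true,  'host is case-insensitive; fragment ignored'],
  ['http://www.example.com/',              'https://www.example.com/',                false, 'protocol differs'],
  ['http://www.example.com/',              'http://www.example.com:8080/',            false, 'port differs'],
  ['http://www.example.com/',              'http://api.example.com/',                 false, 'subdomain is a different host'],
  ['http://www.example.com/',              'http://192.0.2.10/',                      false, 'IP is a different host even if the name resolves to it'],
];

// Returns the notes of the cases whose result disagrees with the expected
// value; an empty list means the rule is implemented as stated.
function checkCases(cases = CASES) {
  return cases
    .filter(([a, b, expected]) => isSameOrigin(a, b) !== expected)
    .map(([, , , note]) => note);
}

for (const [a, b, , note] of CASES) {
  console.log(`${isSameOrigin(a, b) ? 'same ' : 'cross'}-origin  ${a}  vs  ${b}  (${note})`);
}
console.log(checkCases().length === 0 ? 'all cases match the rule' : `mismatches: ${checkCases()}`);
```

The same exact comparison is what a server-side origin allowlist needs: check the request's Origin header against a list of complete origins (scheme, host and port), not against a domain substring.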


Related: front-end and back-end separation, with Node.js forwarding requests to achieve cross-domain access: /u 01kloc-0/783224/article/details/52214949.