CN115622999A - Safe front-end cross-domain request data interaction method - Google Patents
Safe front-end cross-domain request data interaction method Download PDFInfo
- Publication number
- CN115622999A CN115622999A CN202211188537.6A CN202211188537A CN115622999A CN 115622999 A CN115622999 A CN 115622999A CN 202211188537 A CN202211188537 A CN 202211188537A CN 115622999 A CN115622999 A CN 115622999A
- Authority
- CN
- China
- Prior art keywords
- domain
- message
- page
- cross
- requested
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/10—Mapping addresses of different types
- H04L61/103—Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The invention relates to the technical field of cross-domain data interaction, and discloses a safe front-end cross-domain request data interaction method, which comprises the steps that a front-end of a requester system constructs a page, a requested page URL address is introduced through an iframe, and requested service elements are displayed; realizing uniform display of page elements of the cross-domain system; the requested party monitors the message event of the requesting party; a requester triggers a message event through a front-end operation; the requested party receives the message event and performs access domain identification and filtering; the requested party transmits data and operates in the same way; cross-domain data interaction. According to the safe method for the front-end cross-domain request data interaction, the requester can integrate page elements of the requester, uniform presentation of data elements among cross-domain systems is realized, data transmission among the cross-domain systems is supported through message events among the front ends, data does not need to be forwarded through a background, and network overhead is saved.
Description
Technical Field
The invention relates to the technical field of cross-domain data interaction, in particular to a safe front-end cross-domain request data interaction method.
Background
With the rapid development of the internet, daily office work needs to be performed through a large amount of software, and cross-domain request data interaction is often required when business data interaction is required among different software systems, so that a cross-data interaction processing method is correspondingly developed.
The cross-domain data interaction processing method in the prior art mainly has the following technical defects: firstly, the existing cross-domain data interaction is realized through a background interface, so that front-end service elements between cross-domain systems are respectively isolated, and the problems that page elements cannot be effectively integrated and the network overhead is large are caused; secondly, in the existing front-end cross-domain data interaction, a certain service domain directly controls js scripts on other service domains to process data, corresponding permissions need to be opened by other service domains, and the problem of great potential safety hazard exists.
Disclosure of Invention
The invention aims to provide a safe method for front-end cross-domain request data interaction, which aims to solve the problems in the background art.
In order to achieve the purpose, the invention provides the following technical scheme: a method for secure front-end cross-domain request data interaction comprises the following steps:
s1, a front end of a requester system constructs a page;
s2, the requested party monitors the message event of the requesting party;
s3, the requester triggers a message event through front-end operation;
s4, the requested party receives the message event and performs access domain identification and filtering;
s5, the requested party transmits data and operates in the same way;
and S6, cross-domain data interaction.
Further, a page is constructed at the front end of the requesting system in the S1, the page of the requested system is integrated through a Uniform Resource Locator (URL), the URL address of the page of the requested system is introduced through an iframe, and the service elements of the requested system are displayed; meanwhile, the requested system passively loads page elements, so that the page elements of the cross-domain system are uniformly displayed.
Further, in the S2, the requested party monitors the message event of the requesting party according to the agreed specification; the message will carry the domain address, the message key value and the message content of the message submitting party during the transmission process.
Further, in S3, when the user performs an operation on the front-end page of the requesting system, the requesting front-end page sends a message event to the requested front-end page.
Further, after the requested page receives the message event in S4, the domain address in the message request is analyzed, and the illegal domain address is filtered; and processing the corresponding message event according to the message key value, or analyzing the message content according to the requirement, and then submitting a response message to the requester according to the processing result.
Further, in the S5, during the event processing, the requested page may transmit data to another party through a message event in the same manner across domains.
Further, through the operation processes of the S1 to the S5, the cross-domain data interaction of the front-end request can be realized more safely.
Compared with the prior art, the invention provides a safe front-end cross-domain request data interaction method, which has the following beneficial effects:
1. according to the safe method for the front-end cross-domain request data interaction, the page elements of the requested party can be integrated by the requesting party through the safe method for the front-end cross-domain request data interaction, the uniform presentation of the data elements among cross-domain systems is realized, the data transmission among the cross-domain systems is supported through message events among the front ends, the data does not need to be forwarded through a background, and the network overhead is saved.
2. According to the safe method for requesting data interaction between domains at the front end, the independence of data processing of each domain is kept through a message event mechanism, and the data access safety of each domain is guaranteed. Meanwhile, a cross-domain access white list can be established by using a message mechanism, so that not only is necessary data interaction between front-end cross-domain systems ensured, but also the security of the data interaction of the system is ensured.
Drawings
FIG. 1 is a schematic flow chart of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Examples
A method for secure front-end cross-domain request data interaction comprises the following steps:
s1, a front end of a requester system constructs a page;
s2, the requested party monitors the message event of the requesting party;
s3, the requester triggers a message event through front-end operation;
s4, the requested party receives the message event and performs access domain identification and filtering;
s5, the requested party transmits data and operates in the same way;
and S6, cross-domain data interaction.
Further, a page is built at the front end of the requesting system in the S1, the page of the requested system is integrated through a Uniform Resource Locator (URL), the URL address of the page of the requested system is introduced through an iframe, and service elements of the requested system are displayed; meanwhile, the requested system passively loads page elements, so that the page elements of the cross-domain system are uniformly displayed.
Further, in S2, the requested party monitors the message event of the requesting party according to the convention standard; the message will carry the domain address, the message key value and the message content of the message submitting party during the transmission process.
Further, in S3, when the user operates on the requesting system front-end page, the requesting front-end page sends a message event to the requested front-end page.
Further, after the requested party page receives the message event in S4, the domain address in the message request is analyzed, and the illegal domain address is filtered; and processing the corresponding message event according to the message key value, or analyzing the message content according to the requirement, and then submitting a response message to the requester according to the processing result.
Further, in S5, the requested page may transfer data to another party through a message event in the same manner across domains during the event processing.
Further, through the operation process from S1 to S5, the cross-domain data interaction of the front-end request can be realized more safely.
For example:
a safe method for requesting data interaction by front end crossing domains comprises a system A and a system B which need the front end crossing domains to carry out data interaction, wherein the page of the system A needs to be integrated with the page of the system B and is embedded into the page of the system A as a sub-page, and the page of the system B and the page of the system A have data interaction requirements; but system a and system B belong to different access domains. When the safe front-end cross-domain request data interaction is realized according to the method, the main steps are as follows:
s1, a page is built at the front end of a system A, a URL address of a page of a system B is introduced through iframe, and page elements of the system B are displayed; realizing uniform display of page elements of a cross-domain system;
s2, the system B brings the access domain of the system A into an access white list, and monitors message events according to the convention specification;
s3, when the user operates on the front-end page of the system A, the front-end page of the system A sends a message event to the front-end page of the system B; the message event carries the domain address of the system A, the key value of the event and message data;
s4, after the page of the system B receives the message event, analyzing the domain address in the message request, and filtering the illegal domain address; and according to the message key value, carrying out corresponding message event processing, and also analyzing the message data content according to the requirement.
And S5, in the event processing process, the page of the system B can transmit data to the system A through the message event in a cross-domain mode in the same way.
And S6, through the process, the relatively safe cross-domain data interaction of the front-end request can be realized.
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that various changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.
Claims (7)
1. A method for safe front-end cross-domain request data interaction is characterized in that: the method comprises the following steps:
s1, a front end of a requester system constructs a page;
s2, the requested party monitors the message event of the requesting party;
s3, the requester triggers a message event through front-end operation;
s4, the requested party receives the message event and performs access domain identification and filtering;
s5, the requested party transmits data and operates in the same way;
and S6, cross-domain data interaction.
2. The method of claim 1, wherein the method comprises the following steps:
constructing a page at the front end of the requesting system in the S1, introducing a URL (uniform resource locator) address of a requested page through an iframe, and displaying service elements of the requested page; and realizing uniform display of page elements of the cross-domain system.
3. The method of claim 1, wherein the method comprises the following steps:
in the S2, the requested party monitors the message event of the requesting party according to the convention specification; the message will carry the domain address of the submitting party of the message, the key value of the message and the content of the message in the process of transmission.
4. The method of claim 1, wherein the method comprises the following steps:
in S3, when the user operates on the front end page of the requesting system, the requesting front end page sends a message event to the requested front end page.
5. The method of claim 1, wherein the method comprises:
after the requested page receives the message event in the S4, the domain address in the message request is analyzed, and the illegal domain address is filtered; and according to the message key value, carrying out corresponding message event processing, and also analyzing the message content according to the requirement.
6. The method of claim 1, wherein the method comprises:
in S5, during the event processing, the requested page may transfer data to another party through a message event in the same manner across domains.
7. The method of claim 1, wherein the method comprises:
through the operation processes from S1 to S5, the cross-domain data interaction of the front-end request can be realized more safely.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211188537.6A CN115622999A (en) | 2022-09-28 | 2022-09-28 | Safe front-end cross-domain request data interaction method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211188537.6A CN115622999A (en) | 2022-09-28 | 2022-09-28 | Safe front-end cross-domain request data interaction method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115622999A true CN115622999A (en) | 2023-01-17 |
Family
ID=84860378
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211188537.6A Pending CN115622999A (en) | 2022-09-28 | 2022-09-28 | Safe front-end cross-domain request data interaction method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115622999A (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20090132713A1 (en) * | 2007-11-20 | 2009-05-21 | Microsoft Corporation | Single-roundtrip exchange for cross-domain data access |
| US8117325B1 (en) * | 2008-04-29 | 2012-02-14 | Juniper Networks, Inc. | Policy-based cross-domain access control for SSL VPN |
| CN108574709A (en) * | 2017-03-10 | 2018-09-25 | 北京京东尚科信息技术有限公司 | The implementation method and device of cross-domain operation |
| CN111435380A (en) * | 2019-01-14 | 2020-07-21 | 顺丰科技有限公司 | Page cross-domain interaction method, system, device and storage device |
-
2022
- 2022-09-28 CN CN202211188537.6A patent/CN115622999A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20090132713A1 (en) * | 2007-11-20 | 2009-05-21 | Microsoft Corporation | Single-roundtrip exchange for cross-domain data access |
| US8117325B1 (en) * | 2008-04-29 | 2012-02-14 | Juniper Networks, Inc. | Policy-based cross-domain access control for SSL VPN |
| CN108574709A (en) * | 2017-03-10 | 2018-09-25 | 北京京东尚科信息技术有限公司 | The implementation method and device of cross-domain operation |
| CN111435380A (en) * | 2019-01-14 | 2020-07-21 | 顺丰科技有限公司 | Page cross-domain interaction method, system, device and storage device |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US7487242B2 (en) | Method and apparatus for server load sharing based on foreign port distribution | |
| RU2379849C2 (en) | Filtration of application services in intermediate device in communication channel | |
| US7953753B2 (en) | Newsmaker verification and commenting method and system | |
| US20150288673A1 (en) | Method, Apparatus and Application Platform for Realizing Logon to an Application Service Website | |
| US7039804B2 (en) | Method and system to integrate existing user and group definitions in a database server with heterogeneous application servers | |
| US8910277B1 (en) | Process-based domain isolation | |
| CN109756337B (en) | Secure access method and device for service interface | |
| US6760844B1 (en) | Secure transactions sessions | |
| JP2000508153A (en) | General-purpose user authentication method for network computers | |
| EP1628184A1 (en) | Method and computer system to carry out a network based business process | |
| EP2605155A1 (en) | Processing method and device for world wide web page | |
| KR20000022706A (en) | Information processing method, information processing apparatus, and storage medium for storing an information processing program | |
| CN112202744B (en) | Multi-system data communication method and device | |
| CN111611513A (en) | Page display method and device based on user identity information and electronic equipment | |
| CN106713315A (en) | Login method and device for plug-in application | |
| CN105959278B (en) | A kind of method, apparatus and system for calling VPN | |
| CN106657271A (en) | Method and device for calling local control | |
| CN114285659A (en) | Reverse proxy method, device, equipment and storage medium | |
| CN112541828B (en) | System, method, device, processor and storage medium for realizing open securities management and open securities API access control | |
| CN115622999A (en) | Safe front-end cross-domain request data interaction method | |
| CN111200645B (en) | Service request processing method, device, equipment and readable storage medium | |
| US20060095321A1 (en) | Method and apparatus for promotion management | |
| CN115550003A (en) | Data transmission method, device and system | |
| CN109460216A (en) | A method of TV generic data service is provided on TV for WEB page | |
| CN113553623A (en) | Access request authentication method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |