CN117201049A - Cross-domain access method and content distribution network edge server - Google Patents


Publication number
CN117201049A
Authority
CN
China
Prior art keywords
cross
request
domain
access
terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210609390.7A
Other languages
Chinese (zh)
Inventor
黄中举
李林锋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd
Priority to CN202210609390.7A (patent CN117201049A)
Priority to PCT/CN2023/095917 (patent WO2023231848A1)
Publication of CN117201049A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols

Abstract

The embodiment of the application discloses a cross-domain access method and a content distribution network edge server, which are used for improving interface performance. The method of the embodiment of the application comprises the following steps: intercepting a detection request of cross-domain access sent by a terminal; determining the security setting information of the source server corresponding to the cross-domain access according to the detection request; and returning a response message of the detection request to the terminal, wherein the response message of the detection request carries the security setting information, and the security setting information is used for indicating the terminal to send a cross-domain access request. Because the edge server intercepts and responds to the detection request from the terminal browser, the delay caused by sending the detection request back to the source is reduced, the user's waiting time is reduced, and the user experience is improved.

Description

Cross-domain access method and content distribution network edge server
Technical Field
The present application relates to the field of communications technologies, and in particular, to a cross-domain access method and a content distribution network edge server.
Background
A content delivery network (CDN) is an intelligent virtual network built on top of the existing network. By relying on edge servers deployed in various locations, it lets users obtain the content they need from a nearby node, which reduces network congestion and improves the access response speed and hit rate of the users. As business develops, more and more Chinese companies are pursuing overseas expansion strategies and deploying services in different overseas regions to serve local users. For reasons of private-data protection or laws and regulations, in overseas business scenarios part of the data cannot be deployed on an edge server and must still be obtained from the source server, so some resource requests of the terminal browser are cross-site calls.
Under the browser's same-origin policy, before the terminal sends a cross-domain resource request it must first send a detection request to the source server to obtain the security configuration information of the source server. In overseas services the physical distance between the terminal and the source server is large, so requests to the source server have a long delay; because the terminal performs a detection request each time before sending a resource request to the source server, the user's waiting time increases and the user experience suffers.
In the prior art, to reduce the user's waiting time, a gateway on the source server side exposes a unified external interface path for resources; after the first detection request is initiated, the terminal caches the acquired cross-domain information locally, and detection requests pointing to the same interface path are not triggered again within the validity period of the cross-domain information.
Because the gateway on the source server side unifies the interface paths, resource requests that actually point to different source servers appear under the same name in the request path, and the real request path cannot easily be identified, which makes troubleshooting difficult when a service problem occurs.
Disclosure of Invention
The application provides a cross-domain access method and a content distribution network edge server, which can reduce the waiting time of users and improve the user experience.
The first aspect of the present application provides a cross-domain access method, applied to a CDN edge server of a content delivery network, the method comprising: intercepting a detection request of cross-domain access sent by a terminal; determining the security setting information of the source server corresponding to the cross-domain access according to the detection request; and returning a response message of the detection request to the terminal, wherein the response message of the detection request carries the security setting information, and the security setting information is used for indicating the terminal to send a cross-domain access request.
According to the cross-domain access method provided by the application, the edge server in the content distribution network intercepts and responds to the detection request from the terminal browser, and the response message returned to the terminal carries the security setting information for indicating the terminal to send the cross-domain access request, so that the detection request is prevented from being returned to the source, the time delay brought by the detection request is reduced, the waiting time of a user is reduced, and the user experience is improved. The problem that the service carried by the gateway unified interface path at the source server side is difficult to locate when the service is problematic is also avoided.
In a possible implementation manner of the first aspect, the method further includes: receiving the cross-domain access request sent by the terminal, wherein the head of the cross-domain access request is set based on the security setting information; forwarding the cross-domain access request to the source server; and receiving and forwarding a response message of the cross-domain access request to the terminal.
In the cross-domain access method provided by the application, the response message returned by the edge server to the terminal carries the security setting information, the terminal can determine whether to send the cross-domain access request based on the security setting information,
In a possible implementation manner of the first aspect, the security setting information includes one or more of the following fields: an identity credential (credentials) field, indicating whether cross-domain access is allowed; a header (headers) field, indicating the request headers that the cross-domain access request can carry; a resource access domain (origin) field, indicating the front-end domain name for which access is allowed; and an access method (methods) field, indicating the access methods allowed to be used.
The cross-domain access method provided by the application can determine the specific fields included in the security setting information according to the actual application scenario. In one possible implementation manner, the security setting information includes a credentials field, a headers field, an origin field and a methods field.
In a possible implementation manner of the first aspect, before the response message of the probe request is returned to the terminal, the method further includes: and setting a response header of the response message of the probe request according to the security setting information.
In a possible implementation manner of the first aspect, the determining, according to the probe request, security setting information of the source server corresponding to the cross-domain access includes: and determining the security setting information according to the head information of the detection request and a cross-domain access list.
According to the cross-domain access method provided by the application, the edge server can preset a cross-domain access list, and particularly can be set and maintained by a developer, or the cross-domain access list can be acquired in other modes and stored in the edge server.
In a possible implementation manner of the first aspect, the cross-domain access list includes access relations between domain name pairs that are allowed access; setting the cross-domain information according to the header information of the probe request and the cross-domain access list includes: if the access relation between the source domain name and the destination domain name of the cross-domain access is stored in the cross-domain access list, setting the credentials field in the cross-domain information to allowed.
According to the cross-domain access method provided by the application, the source domain name and the destination domain name of the cross-domain access, and the access relation between them (for example, a first domain name accessing a second domain name), are determined from the header information of the probe request. The cross-domain access list is then searched, and if it contains a matching entry for the first domain name accessing the second domain name, the credentials field is set to allowed.
In a possible implementation manner of the first aspect, the intercepting a probe request of cross-domain access sent by a terminal includes: receiving a first hypertext transfer protocol (HTTP) request sent by the terminal; and if the request method of the first HTTP request is OPTIONS, intercepting the first HTTP request.
According to the cross-domain access method provided by the application, the edge server can decide based on the request method of the HTTP request: it intercepts OPTIONS requests and lets other request methods, such as POST requests, pass through. In this way the probe request is intercepted while the cross-domain access request goes back to the source as normal.
A second aspect of the present application provides a CDN edge server, the server comprising: the interception module is used for intercepting a detection request of cross-domain access sent by the terminal; the determining module is used for determining the security setting information of the source server corresponding to the cross-domain access according to the detection request; the receiving and transmitting module is used for returning a response message of the detection request to the terminal, the response message of the detection request carries the security setting information, and the security setting information is used for indicating the terminal to send a cross-domain access request.
In a possible implementation manner of the second aspect, the transceiver module is further configured to: receiving the cross-domain access request sent by the terminal, wherein the head of the cross-domain access request is set based on the security setting information; forwarding the cross-domain access request to the source server; and receiving and forwarding a response message of the cross-domain access request to the terminal.
In a possible implementation manner of the second aspect, the security setting information includes one or more of the following fields: an identity credential (credentials) field, indicating whether cross-domain access is allowed; a header (headers) field, indicating the request headers that the cross-domain access request can carry; a resource access domain (origin) field, indicating the front-end domain name for which access is allowed; and an access method (methods) field, indicating the access methods allowed to be used.
In a possible implementation manner of the second aspect, the server further includes: and the setting module is used for setting a response header of the response message of the detection request according to the security setting information before the response message of the detection request is returned to the terminal.
In a possible implementation manner of the second aspect, the determining module is specifically configured to: and determining the security setting information according to the head information of the detection request and a cross-domain access list.
In a possible implementation manner of the second aspect, the cross-domain access list includes access relationships between domain name pairs that are allowed access; the setting module is specifically configured to: if the access relation between the source domain name and the destination domain name of the cross-domain access is stored in the cross-domain access list, set the credentials field in the cross-domain information to allowed.
In a possible implementation manner of the second aspect, the transceiver module is further configured to: receive a first hypertext transfer protocol (HTTP) request sent by the terminal; the interception module is specifically configured to: if the request method of the first HTTP request is OPTIONS, intercept the first HTTP request.
In a third aspect, the present application provides a CDN edge server, including: one or more processors and memory; wherein the memory has stored therein computer readable instructions; the one or more processors reading the computer readable instructions to cause the CDN edge server to perform the method as described in the first aspect and any of the various possible implementations.
A fourth aspect of the application provides a computer program product comprising instructions which, when run on a computer, cause the computer to perform the method of the first aspect and any of the various possible implementations.
A fifth aspect of the application provides a computer readable storage medium comprising instructions, characterized in that the instructions, when run on a computer, cause the computer to perform the method according to the first aspect and any of the various possible implementations.
A sixth aspect of the application provides a chip comprising a processor. The processor is configured to read and execute a computer program stored in a memory to perform the method in any of the possible implementations of any of the aspects described above. Optionally, the chip includes the memory, and the processor is connected to the memory through a circuit or a wire. Further optionally, the chip further comprises a communication interface, and the processor is connected to the communication interface. The communication interface is used for receiving data and/or information to be processed, and the processor acquires the data and/or information from the communication interface, processes the data and/or information and outputs a processing result through the communication interface. The communication interface may be an input-output interface.
Technical effects of any implementation manner of the second aspect, the third aspect, the fourth aspect, the fifth aspect or the sixth aspect may refer to technical effects of corresponding implementation manners of the first aspect, which are not described herein.
The cross-domain access method and the CDN edge server provided by the application can intercept and respond to the detection request from the terminal browser, and the response message returned to the terminal carries the security setting information for indicating the terminal to send the cross-domain access request, so that the detection request does not have to go back to the source, the delay caused by the detection request is reduced, the user's waiting time is reduced, and the user experience is improved. The difficulty of locating service problems that arises when a gateway on the source server side unifies the interface paths is also avoided.
Drawings
FIG. 1 is an application scenario architecture diagram of a cross-domain access method provided by an embodiment of the present application;
FIG. 2 is a schematic diagram of a prior art cross-domain access method;
FIG. 3 is a schematic diagram of one embodiment of a cross-domain access method according to an embodiment of the present application;
FIG. 4 is a schematic diagram of another embodiment of a cross-domain access method according to an embodiment of the present application;
FIG. 5 is a schematic diagram of an embodiment of a CDN edge server according to an embodiment of the present application;
FIG. 6 is a schematic diagram of another embodiment of a CDN edge server according to an embodiment of the present application.
Detailed Description
The application provides a cross-domain access method and a content distribution network edge server, which can reduce the waiting time of users and improve the user experience.
Embodiments of the present application will now be described with reference to the accompanying drawings, in which it is evident that the embodiments described are only some, but not all embodiments of the present application. As one of ordinary skill in the art can know, with the development of technology and the appearance of new scenes, the technical scheme provided by the embodiment of the application is also applicable to similar technical problems.
The terms first, second and the like in the description and in the claims and in the above-described figures, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments described herein may be implemented in other sequences than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or modules is not necessarily limited to those steps or modules that are expressly listed or inherent to such process, method, article, or apparatus. The naming or numbering of the steps in the present application does not mean that the steps in the method flow must be executed according to the time/logic sequence indicated by the naming or numbering, and the execution sequence of the steps in the flow that are named or numbered may be changed according to the technical purpose to be achieved, so long as the same or similar technical effects can be achieved.
1. Content delivery network (CDN)
The CDN is an intelligent virtual network constructed on the basis of the existing network. By means of the edge servers deployed in various places, and through the load balancing, content distribution, scheduling and other functional modules of the center platform, a user can obtain required content nearby, network congestion is reduced, and user access response speed and hit rate are improved.
2. The cross-domain problem stems from the browser's same-origin policy, a security policy built into the browser; same-origin means that the protocol, the domain name and the port are all identical. When a non-same-origin request (i.e., a cross-domain request) occurs, a probe request is sent in addition, and if the policy specified by the response message of the probe request is not satisfied, the operation is blocked by the browser. The standard solution to the same-origin problem is cross-domain resource sharing.
3. Cross-origin resource sharing (CORS), referred to here as cross-domain access, is an HTTP-header-based mechanism that ensures the security of cross-domain data transfer by allowing a server to indicate origins (domain, protocol and port) other than its own from which a browser may access and load its resources.
Cross-domain resource sharing checks whether the server will allow the real request to be sent through a "preflight" mechanism, in which the browser sends a preflight request (or probe request) to the cross-domain resource hosted by the server. In the preflight, the headers sent by the browser indicate the HTTP method and the headers that the real cross-domain request will use.
4. Back-to-source request
When the browser sends a request message and the source server, rather than a CDN edge server, responds to it, the process is called a back-to-source request, as opposed to a request answered by the CDN server.
Embodiments of the present application are described below with reference to the accompanying drawings. As one of ordinary skill in the art can know, with the development of technology and the appearance of new scenes, the technical scheme provided by the embodiment of the application is also applicable to similar technical problems.
Referring to fig. 1, a diagram of an application scenario architecture of a cross-domain access method in an embodiment of the present application is shown.
The scene architecture comprises: terminal 100, CDN edge server 200, and origin server 300. The terminal 100 is directly connected to the CDN edge server 200 through a communication network, and the CDN edge server 200 is connected to the origin server 300 either directly or through a relay. It should be noted that, in overseas services, the physical distance between the CDN edge server 200 and the origin server 300 is relatively long, and the transmission delay is often reduced by a dedicated connection. Terminal 100 includes various forms of user terminals, such as cell phones, personal computers, tablet computers, wearable devices, and the like.
As shown in FIG. 2, when the terminal browser encounters a non-same-origin request (i.e., a cross-domain request), the request does not satisfy the same-origin policy, so the browser is triggered to send a CORS probe request to check whether the origin server will allow the real cross-domain request to be sent.
The specific process is as follows:
201. The terminal sends a probe request to the origin server.
202. The origin server returns a response message of the probe request to the terminal.
203. The terminal sends a cross-domain access request to the origin server.
204. The origin server returns a response message of the cross-domain access request to the terminal.
As this process shows, because of the CORS probe request the terminal browser needs two back-to-source requests to acquire the cross-domain resource. The probe request adds one extra request interaction from the browser to the source station, which greatly affects the performance of cross-site interface access.
In view of this, the embodiments of the present application provide a method and a network device for cross-domain access, which are used for improving the cross-domain access performance and improving the user experience.
Referring to fig. 3, an embodiment of the present application proposes a cross-domain access method 300. The method 300 may be applied to the scenario shown in fig. 1, where the CDN edge server of the content delivery network corresponds to the CDN edge server 200 shown in fig. 1, and the terminal corresponds to the terminal 100 shown in fig. 1, and the method 300 includes steps S301 to S303.
S301, the CDN edge server intercepts a detection request of cross-domain access sent by a terminal;
The CDN edge server intercepts a detection request of cross-domain access sent by a terminal. For a request sent by a terminal, the CDN edge server may intercept based on the type of access method in the request, where the access method may be any of the HTTP methods.
It should be noted that the HTTP methods include HEAD, GET, POST, PUT, DELETE, PATCH, OPTIONS and so on. When the terminal browser initiates cross-domain access, the same-origin policy is not satisfied, so a CORS probe request, specifically an OPTIONS request, is triggered.
In one possible implementation manner, the CDN edge server receives a first hypertext transfer protocol (HTTP) request sent by the terminal. If the CDN edge server determines that the access method is OPTIONS, it intercepts the request; if the access method is not OPTIONS, for example a POST request, the request continues to the source server along the original path. The header of the probe request indicates the HTTP method and the request headers of the cross-domain access, and the probe request is used for checking whether the source server will allow the subsequent cross-domain access.
S302, the CDN edge server determines the security setting information of the source server corresponding to the cross-domain access according to the detection request;
The CDN edge server determines the security setting information corresponding to the resources of the cross-domain access request according to the detection request. The security setting information includes one or more of the following:
an identity credential (credentials) field, indicating whether cross-domain access is allowed;
a header (headers) field, indicating the request headers that the cross-domain access can carry;
a resource access domain (origin) field, indicating the front-end domain name for which access is allowed;
an access method (methods) field, indicating the access methods that are allowed to be used.
In one possible implementation, the CDN edge server determines a credentials field, a headers field, an origin field, and a methods field.
Optionally, the CDN edge server may also set other fields, such as the validity time of the security setting information.
In one possible implementation, the CDN edge server sets a response header of the response message of the probe request according to the security setting information.
Optionally, the CDN edge server stores a cross-domain access list including access relationships between pairs of domain names that are allowed to be accessed. And the CDN edge server sets security setting information according to the detection request and the cross-domain access list.
For example, the probe request may carry a first domain name corresponding to the page displayed by the terminal browser, for example aa.com, and a second domain name corresponding to the page resource required for displaying the page, for example bb.aa.com. If the access relationship of aa.com accessing bb.aa.com is stored in the cross-domain access list, the CDN edge server sets the security setting information as:
Access-Control-Allow-Credentials: true, indicating that cross-domain access is allowed;
Access-Control-Allow-Headers: such as Content-Type, app id, user id;
Access-Control-Allow-Origin: such as aa.com;
Access-Control-Allow-Methods: e.g., POST, PUT, GET, OPTIONS, DELETE.
S303, the CDN edge server returns a response message of the probe request to the terminal, wherein the response message of the probe request carries security setting information, and the security setting information is used for indicating the terminal to send a cross-domain access request.
The CDN edge server sets a response header of the response message based on the security setting information determined in step S302, and transmits the response message to the terminal.
Therefore, the detection request is answered nearby by the CDN edge server and does not need to go back to the source station, which improves interface performance and the user's experience of the website. In the split-site deployment typical of domestic businesses expanding overseas, the performance loss caused by the detection request is reduced to the greatest extent.
Further, the CDN edge server can receive the cross-domain access request subsequently sent by the terminal, forward the cross-domain access request to the source server, and forward the resource returned by the source server to the terminal, completing the request call of https://bb.aa.com/xxx. The specific implementation process can follow the prior art and is described briefly below:
The terminal makes its decision based on the security setting information carried in the response message returned by the CDN edge server. If the cross-domain request meets the requirements of the security setting information, the terminal can go on to initiate the cross-domain access request; if the condition corresponding to one or more fields in the security setting information is not met, the terminal browser does not go on to initiate the cross-domain access request.
It should be noted that, for a cross-domain access request with a different interface path (e.g. https://bb.aa.com/yyy), the browser will initiate the OPTIONS request again, and the CDN edge server processes it according to the cross-domain method described above. Because the cross-domain access requests all show their actual request paths, the situation in which service problems are difficult to locate is avoided.
According to the cross-domain access method provided by the application, the edge server in the content distribution network intercepts and responds to the detection request from the terminal browser, and the response message returned to the terminal carries the security setting information for indicating the terminal to send the cross-domain access request, so that the detection request is prevented from being returned to the source, the time delay brought by the detection request is reduced, the waiting time of a user is reduced, and the user experience is improved. The problem that the service carried by the gateway unified interface path at the source server side is difficult to locate when the service is problematic is also avoided.
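The edge-side flow of steps S301 to S303, written out as an added JavaScript example; it is not code from the patent or from any CDN product. The request and response object shapes, the function names `determineSecuritySettings` and `handleAtEdge`, the scheme-qualified origin `https://aa.com`, the header names `appid` and `userid`, the 600-second validity time and the 403 answer for an unlisted domain pair are all assumptions made for illustration.

```javascript
// Added example: edge-side handling of CORS probe (preflight) requests.
// Constructed cross-domain access list: source origin -> allowed destination hosts.
// Assumption: origins are scheme-qualified, as browsers send them in the Origin header.
const CROSS_DOMAIN_ACCESS_LIST = new Map([
  ["https://aa.com", new Set(["bb.aa.com"])],
]);

// Constructed security setting information per destination host.
const SECURITY_SETTINGS = new Map([
  ["bb.aa.com", {
    methods: ["POST", "PUT", "GET", "OPTIONS", "DELETE"],
    headers: ["content-type", "appid", "userid"], // stored lowercase
    maxAgeSeconds: 600, // validity time of the security setting information
  }],
]);

// Header names are case-insensitive, so look them up that way.
function header(request, name) {
  const wanted = name.toLowerCase();
  for (const [key, value] of Object.entries(request.headers || {})) {
    if (key.toLowerCase() === wanted) return String(value).trim();
  }
  return undefined;
}

// S302: derive the response headers from the probe request's header
// information and the access list. Returns null when access is not granted.
function determineSecuritySettings(request) {
  const origin = header(request, "Origin");
  const destination = String(request.host || "").toLowerCase();
  // Exact-match lookup: no suffix, prefix or pattern matching on the origin.
  const destinations = origin ? CROSS_DOMAIN_ACCESS_LIST.get(origin) : undefined;
  if (!destinations || !destinations.has(destination)) return null;
  const settings = SECURITY_SETTINGS.get(destination);
  if (!settings) return null;

  // The probe request announces the method and headers of the real request.
  const method = header(request, "Access-Control-Request-Method");
  if (!method || !settings.methods.includes(method)) return null;
  const requested = (header(request, "Access-Control-Request-Headers") || "")
    .split(",").map((h) => h.trim().toLowerCase()).filter(Boolean);
  if (!requested.every((h) => settings.headers.includes(h))) return null;

  return {
    // With credentials allowed, the origin must be named explicitly, never "*".
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
    "Access-Control-Allow-Methods": settings.methods.join(", "),
    "Access-Control-Allow-Headers": settings.headers.join(", "),
    "Access-Control-Max-Age": String(settings.maxAgeSeconds),
    "Vary": "Origin", // keep caches from reusing one origin's answer for another
  };
}

// S301 + S303: intercept OPTIONS and answer at the edge; everything else
// goes back to the source server through forwardToOrigin (a stand-in here).
function handleAtEdge(request, forwardToOrigin) {
  if (request.method !== "OPTIONS") {
    return { ...forwardToOrigin(request), servedBy: "origin" };
  }
  const cors = determineSecuritySettings(request);
  if (!cors) {
    // Assumption: an unlisted pair gets no CORS headers, so the browser
    // will not send the real cross-domain request.
    return { servedBy: "edge", status: 403, headers: { Vary: "Origin" } };
  }
  return { servedBy: "edge", status: 204, headers: cors };
}

// Constructed sample traffic; stubOrigin stands in for the source server.
const stubOrigin = () => ({ status: 200, headers: {} });
const SAMPLE_REQUESTS = [
  { method: "OPTIONS", host: "bb.aa.com", path: "/xxx",
    headers: { Origin: "https://aa.com",
               "Access-Control-Request-Method": "POST",
               "Access-Control-Request-Headers": "Content-Type, appid" } },
  { method: "OPTIONS", host: "bb.aa.com", path: "/xxx", // lookalike origin, not listed
    headers: { Origin: "https://aa.com.example.net",
               "Access-Control-Request-Method": "POST" } },
  { method: "POST", host: "bb.aa.com", path: "/xxx",
    headers: { Origin: "https://aa.com", "Content-Type": "application/json" } },
];

for (const request of SAMPLE_REQUESTS) {
  const response = handleAtEdge(request, stubOrigin);
  console.log(request.method, header(request, "Origin"), "->",
    response.servedBy, response.status);
}
```

The answer to the probe request only tells the browser it may send the real request. The source server's response to that request must still carry matching `Access-Control-Allow-Origin` and `Access-Control-Allow-Credentials` headers, or the browser will not expose it to the page.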
Another embodiment of the cross-domain access method provided by the embodiment of the present application is described below with reference to fig. 4.
Referring to fig. 4, an embodiment of the present application proposes a cross-domain access method 400. The method 400 may be applied in the scenario shown in fig. 1, where the content delivery network CDN edge server corresponds to the CDN edge server 200 shown in fig. 1, and the terminal corresponds to the terminal 100 shown in fig. 1, and the method 400 includes steps 401 to 404.
401. The terminal sends a detection request to the CDN edge server.
The terminal browser displays a page in response to a user request. In some scenarios, the page to be displayed under domain name A references page resources under domain name B. For example, in overseas services, some resources cannot be deployed on the CDN edge server for various reasons and reside on the source server, so the browser needs to fetch the resources on the source server across sites. Under the same-origin policy, the browser does not allow cross-domain calls to resources under other domain names; for example, a program under the aa.com domain name cannot directly obtain resources under the bb.aa.com domain name. The CORS mechanism can be used to solve this cross-domain access problem, and this solution is implemented on the basis of the CORS mechanism.
When the terminal browser initiates cross-domain access, a CORS detection request is triggered; specifically, the request method of the detection request is OPTIONS.
For example, the request header of the OPTIONS request carries information of aa.com domain name and bb.aa.com domain name.
402. The CDN edge server returns a response message of the probe request to the terminal.
In the cross-domain access method provided by the embodiment of the application, the CDN edge server receives various HTTP requests sent by the terminal. If it determines from the request header that the request method of an HTTP request is OPTIONS, it intercepts the request, that is, the request is not forwarded to the source server.
In one possible implementation, the CDN edge server sets a response header according to preset security setting information for all intercepted OPTIONS requests, and returns a response message of the probe request to the terminal.
For example, the following four parameters are set:
Access-Control-Allow-Credentials: true, indicating that the https://bb.aa.com/ domain name allows cross-domain access;
Access-Control-Allow-Headers: Content-Type, app id, userid, indicating that the request header of the cross-domain request is restricted to the three values Content-Type, app id and userid;
Access-Control-Allow-Origin: https://aa.com, indicating that https://aa.com is allowed cross-domain access to interfaces under the https://bb.aa.com/ domain name;
Access-Control-Allow-Methods: POST, PUT, GET, OPTIONS or DELETE, indicating that the access method of the cross-domain access request is restricted to POST, PUT, GET, OPTIONS or DELETE.
In another possible implementation manner, the CDN edge server determines security setting information corresponding to a preset bb.aa.com domain name based on information of the aa.com domain name and the bb.aa.com domain name carried in a request header of the OPTIONS request, sets a response header of a response message of the probe request based on the security setting information, and returns the response message of the probe request to the terminal.
403. The terminal sends a cross-domain access request to the source server.
404. The source server returns a response message of the cross-domain access request to the terminal.
Steps 403 and 404 are processed in the same way as in existing approaches and are not described again here.
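The probe handling of steps 401 to 402 and the terminal-side check that gates step 403, as an added Python example that is not code from the patent. The function names, the 403 reply for a domain pair missing from the list, and the spelling `appid` for the page's "app id" are assumptions; the terminal check is a simplified model that ignores the browser's CORS-safelisted methods and headers.

```python
# Added illustration; not code from the patent. Names and the deny behaviour are assumptions.

# Constructed cross-domain access list: (source origin, destination host) -> settings.
# Values follow the page's example; "appid" is an assumed spelling of the page's "app id".
CROSS_DOMAIN_ACCESS_LIST = {
    ("https://aa.com", "bb.aa.com"): {
        "methods": ("POST", "PUT", "GET", "OPTIONS", "DELETE"),
        "headers": ("Content-Type", "appid", "userid"),
    },
}


def handle_at_edge(method, headers):
    """Steps 401-402: answer an OPTIONS probe at the edge.

    Returns (status, response_headers) when the edge replies itself, or None
    when the request is not a probe and takes the normal path to the source server.
    """
    if method.upper() != "OPTIONS":
        return None
    h = {k.lower(): v for k, v in headers.items()}
    origin = h.get("origin", "")
    host = h.get("host", "").lower()
    policy = CROSS_DOMAIN_ACCESS_LIST.get((origin, host))
    if policy is None:
        # Assumption: an unlisted pair gets no Access-Control-Allow-* header,
        # so the browser will not send the follow-up request.
        return 403, {"Vary": "Origin"}
    return 204, {
        # Echo only an origin found in the list; never "*" next to credentials.
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Credentials": "true",
        "Access-Control-Allow-Methods": ", ".join(policy["methods"]),
        "Access-Control-Allow-Headers": ", ".join(policy["headers"]),
        # The reply depends on Origin, so caches must key on it.
        "Vary": "Origin",
    }


def _tokens(value):
    """Split a comma-separated header value into a lower-cased token set."""
    return {t.strip().lower() for t in value.split(",") if t.strip()}


def terminal_may_send(origin, method, request_header_names, probe_response_headers):
    """Simplified model of the terminal's check before step 403."""
    p = {k.lower(): v for k, v in probe_response_headers.items()}
    if p.get("access-control-allow-origin") != origin:
        return False
    if method.lower() not in _tokens(p.get("access-control-allow-methods", "")):
        return False
    allowed = _tokens(p.get("access-control-allow-headers", ""))
    return all(name.lower() in allowed for name in request_header_names)


if __name__ == "__main__":
    # Constructed probe request from a page on https://aa.com to bb.aa.com.
    probe = {"Host": "bb.aa.com", "Origin": "https://aa.com",
             "Access-Control-Request-Method": "PUT",
             "Access-Control-Request-Headers": "content-type, userid"}
    status, resp = handle_at_edge("OPTIONS", probe)
    print(status, resp)
    print(terminal_may_send("https://aa.com", "PUT", ["Content-Type", "userid"], resp))
```

Because the edge answers on behalf of the source server, the access list has to stay in step with what the source server actually permits; a list that is broader than the origin's own policy widens cross-domain access.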
The cross-domain access method provided by the present application has been described above. The following describes a CDN edge server that implements the cross-domain access method. Refer to fig. 5, which is a schematic diagram of an embodiment of the CDN edge server in an embodiment of the present application.
The application provides a CDN edge server, which comprises: an interception module 501, configured to intercept a detection request of cross-domain access sent by a terminal; a determining module 502, configured to determine security setting information of the source server corresponding to the cross-domain access according to the probe request; a transceiver module 503, configured to return a response message of the probe request to the terminal, where the response message of the probe request carries the security setting information, and the security setting information is used to instruct the terminal to send a cross-domain access request.
In one possible implementation, the transceiver module 503 is further configured to: receiving the cross-domain access request sent by the terminal, wherein the head of the cross-domain access request is set based on the security setting information; forwarding the cross-domain access request to the source server; and receiving and forwarding a response message of the cross-domain access request to the terminal.
In one possible implementation, the security setting information includes one or more of the following fields: a credentials field indicating whether cross-domain access is allowed; a headers field indicating the request headers that the cross-domain access request can carry; an origin field indicating the front-end domain name that is allowed access; a methods field indicating the access methods that are allowed to be used.
In one possible implementation, the server further includes: a setting module 504, configured to set, before the response message of the probe request is returned to the terminal, a response header of the response message of the probe request according to the security setting information.
In one possible implementation manner, the determining module 502 is specifically configured to: and determining the security setting information according to the head information of the detection request and a cross-domain access list.
In one possible implementation, the cross-domain access list includes access relationships between pairs of domain names that are allowed to be accessed; the setting module 504 is specifically configured to: if the access relationship between the source domain name and the destination domain name of the cross-domain access is stored in the cross-domain access list, set the credentials field in the cross-domain information to allowed.
In one possible implementation, the transceiver module 503 is further configured to: receive a first hypertext transfer protocol (HTTP) request sent by the terminal; the interception module 501 is specifically configured to: if the request method of the first HTTP request is OPTIONS, intercept the first HTTP request.
It should be understood that the above division of the units of the bus node is merely a division of logical functions; in an actual implementation the units may be fully or partially integrated into one physical entity or may be physically separate. These units may all be implemented as software invoked by a processing element, or all be implemented in hardware; it is also possible for some of the units to be implemented as software invoked by a processing element and for others to be implemented in hardware. For example, the above units may be one or more integrated circuits configured to implement the above methods, such as: one or more application-specific integrated circuits (ASIC), or one or more microprocessors (digital signal processor, DSP), or one or more field-programmable gate arrays (FPGA), or the like. For another example, when one of the above units is implemented as a program scheduled by a processing element, the processing element may be a general-purpose processor, such as a central processing unit (CPU) or another processor that can invoke the program. For another example, the units may be integrated together and implemented in the form of a system-on-a-chip (SOC).
Refer to fig. 6, which shows another embodiment of a CDN edge server according to an embodiment of the present application.
The CDN edge server provided in this embodiment may be a physical device, or may be a virtual device deployed on a physical device. When a node is a virtual device, multiple nodes may be carried on the same physical device. The physical device may be a physical server, a workstation, a mobile station, a general-purpose computer, etc., and the specific device configuration is not limited in the embodiment of the present application.
The CDN edge server 600 may vary considerably in configuration or performance and may include one or more processors 601 and memory 602, where the memory 602 stores programs or data.
The memory 602 may be volatile or nonvolatile. The processor 601 is optionally one or more central processing units (central processing unit, CPU), which may be a single-core CPU or a multi-core CPU. The processor 601 may be in communication with the memory 602, executing a series of instructions in the memory 602 on the CDN edge server 600.
The CDN edge server 600 also includes one or more wired or wireless network interfaces 603, such as an ethernet interface.
Optionally, although not shown in fig. 6, CDN edge server 600 may also include one or more power supplies; the input/output interface may be used to connect a display, a mouse, a keyboard, a touch screen device, a sensing device, or the like, and the input/output interface may be an optional component, may or may not be present, and is not limited herein.
The flow executed by the processor 601 in the CDN edge server 600 in this embodiment may refer to the method flow described in the foregoing method embodiment, and will not be described herein.
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described systems, apparatuses and units may refer to corresponding procedures in the foregoing method embodiments, which are not repeated herein.
In the several embodiments provided in the present application, it should be understood that the disclosed systems, devices, and methods may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of the units is merely a logical function division, and there may be additional divisions when actually implemented, e.g., multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present application, in essence or in whole or in part, may be embodied in the form of a software product stored in a storage medium, including instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present application. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or other various media capable of storing program code.
The above embodiments are only for illustrating the technical solution of the present application, and not for limiting the same; although the application has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present application.

Claims (18)

1. A cross-domain access method, applied to a CDN edge server of a content delivery network, the method comprising:
intercepting a detection request of cross-domain access sent by a terminal;
determining the security setting information of the source server corresponding to the cross-domain access according to the detection request;
and returning a response message of the detection request to the terminal, wherein the response message of the detection request carries the security setting information, and the security setting information is used for indicating the terminal to send a cross-domain access request.
2. The method according to claim 1, wherein the method further comprises:
receiving the cross-domain access request sent by the terminal, wherein the head of the cross-domain access request is set based on the security setting information;
forwarding the cross-domain access request to the source server;
and receiving and forwarding a response message of the cross-domain access request to the terminal.
3. A method according to claim 1 or 2, characterized in that,
the security setting information includes one or more of the following fields:
a credentials field indicating whether cross-domain access is allowed;
a headers field indicating the request headers that the cross-domain access request can carry;
an origin field indicating the front-end domain name that is allowed access;
a methods field indicating the access methods that are allowed to be used.
4. A method according to any of claims 1 to 3, characterized in that before said returning a response message to the probe request to the terminal, the method further comprises:
and setting a response header of the response message of the probe request according to the security setting information.
5. The method according to any one of claims 1 to 4, wherein the determining security setting information of the source server corresponding to the cross-domain access according to the probe request includes:
and determining the security setting information according to the head information of the detection request and a cross-domain access list.
6. The method of claim 5, wherein the cross-domain access list includes access relationships between pairs of domain names that are allowed to be accessed;
setting the cross-domain information according to the head information of the probe request and a cross-domain access list, including:
and if the access relationship between the source domain name and the destination domain name of the cross-domain access is stored in the cross-domain access list, setting the credentials field in the cross-domain information to allowed.
7. The method according to any one of claims 1 to 6, wherein the intercepting the probe request for cross-domain access sent by the terminal includes:
receiving a first hypertext transfer protocol (HTTP) request sent by the terminal;
and if the request method of the first HTTP request is OPTIONS, intercepting the first HTTP request.
8. A CDN edge server, the server comprising:
the interception module is used for intercepting a detection request of cross-domain access sent by the terminal;
the determining module is used for determining the security setting information of the source server corresponding to the cross-domain access according to the detection request;
the receiving and transmitting module is used for returning a response message of the detection request to the terminal, the response message of the detection request carries the security setting information, and the security setting information is used for indicating the terminal to send a cross-domain access request.
9. The server of claim 8, wherein the transceiver module is further configured to:
receiving the cross-domain access request sent by the terminal, wherein the head of the cross-domain access request is set based on the security setting information;
forwarding the cross-domain access request to the source server;
and receiving and forwarding a response message of the cross-domain access request to the terminal.
10. The server according to claim 8 or 9, wherein the security setting information comprises one or more of the following fields:
a credentials field indicating whether cross-domain access is allowed;
a headers field indicating the request headers that the cross-domain access request can carry;
an origin field indicating the front-end domain name that is allowed access;
a methods field indicating the access methods that are allowed to be used.
11. The server according to any one of claims 8 to 10, characterized in that the server further comprises:
and the setting module is used for setting a response header of the response message of the detection request according to the security setting information before the response message of the detection request is returned to the terminal.
12. The server according to any one of claims 8 to 11, wherein the determining module is specifically configured to:
and determining the security setting information according to the head information of the detection request and a cross-domain access list.
13. The server of claim 12, wherein the cross-domain access list includes access relationships between pairs of domain names that are allowed to be accessed;
the setting module is specifically configured to:
and if the access relationship between the source domain name and the destination domain name of the cross-domain access is stored in the cross-domain access list, setting the credentials field in the cross-domain information to allowed.
14. The server according to any one of claims 8 to 13, wherein the transceiver module is further configured to:
receiving a first hypertext transfer protocol (HTTP) request sent by the terminal;
the interception module is specifically configured to:
and if the request method of the first HTTP request is OPTIONS, intercepting the first HTTP request.
15. A CDN edge server, comprising:
a memory having computer readable instructions stored therein;
a processor coupled to the memory, the computer readable instructions, when executed by the processor, cause the network device to implement the method of any one of claims 1 to 7.
16. A computer program product comprising computer readable instructions which, when run on a computer, cause the computer to perform the method of any of claims 1 to 7.
17. A computer readable storage medium having instructions stored therein which, when run on a computer, cause the computer to perform the method of any one of claims 1 to 7.
18. A content delivery network system comprising a CDN edge server for performing the method of any one of claims 1 to 7.
CN202210609390.7A 2022-05-31 2022-05-31 Cross-domain access method and content distribution network edge server Pending CN117201049A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202210609390.7A CN117201049A (en) 2022-05-31 2022-05-31 Cross-domain access method and content distribution network edge server
PCT/CN2023/095917 WO2023231848A1 (en) 2022-05-31 2023-05-24 Cross-domain access method and content delivery network edge server

Publications (1)

Publication Number Publication Date
CN117201049A true CN117201049A (en) 2023-12-08

Family

ID=88983719

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210609390.7A Pending CN117201049A (en) 2022-05-31 2022-05-31 Cross-domain access method and content distribution network edge server

Country Status (2)

Country Link
CN (1) CN117201049A (en)
WO (1) WO2023231848A1 (en)

Also Published As

Publication number Publication date
WO2023231848A1 (en) 2023-12-07

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination