WO2023231848A1 - Procédé d'accès inter-domaine et serveur de périphérie de réseau de distribution de contenu - Google Patents

Procédé d'accès inter-domaine et serveur de périphérie de réseau de distribution de contenu Download PDF

Info

Publication number
WO2023231848A1
WO2023231848A1 PCT/CN2023/095917 CN2023095917W WO2023231848A1 WO 2023231848 A1 WO2023231848 A1 WO 2023231848A1 CN 2023095917 W CN2023095917 W CN 2023095917W WO 2023231848 A1 WO2023231848 A1 WO 2023231848A1
Authority
WO
WIPO (PCT)
Prior art keywords
cross
request
domain
access
domain access
Prior art date
Application number
PCT/CN2023/095917
Other languages
English (en)
Chinese (zh)
Inventor
黄中举
李林锋
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Publication of WO2023231848A1 publication Critical patent/WO2023231848A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols

Definitions

  • This application relates to the field of communication technology, and in particular, to a cross-domain access method and a content distribution network edge server.
  • CDN Content delivery network
  • edge servers deployed in various places to enable users to obtain the content they need nearby to reduce network congestion and improve user access response. Speed and hit rate.
  • Chinese companies have begun to implement overseas strategies, deploying services to different overseas regions to provide services to local people. Due to reasons such as privacy data protection or laws and regulations, in overseas business scenarios, some data cannot be deployed on the edge server, but still needs to be returned to the source server to obtain it. Some resource requests from the terminal browser have cross-site calls.
  • the terminal Based on the browser's same origin policy, before the terminal sends a cross-domain resource request, it needs to initiate a detection request to the source server to obtain the security configuration information of the source server. Due to the long physical distance between the terminal and the source server in overseas business, the delay in initiating a request to the source server is long.
  • the terminal makes a detection request before each request for resources from the source server, which will increase the user's waiting time and affect the user experience. .
  • the terminal caches the acquired cross-domain information locally after initiating the first detection request.
  • Probe requests pointing to the same interface path are no longer triggered repeatedly.
  • the gateway on the source server side has a unified interface path, resource requests that actually point to different source servers are displayed as the same name in the request path, and the real request path cannot be easily identified, which may make it difficult to locate business problems.
  • This application provides a cross-domain access method and content distribution network edge server, which can reduce user waiting time and improve user experience.
  • the first aspect of this application provides a cross-domain access method, which is applied to a content distribution network CDN edge server.
  • the method includes: intercepting a detection request for cross-domain access sent by a terminal; determining the cross-domain access based on the detection request. Access the security setting information of the corresponding source server; return a response message of the detection request to the terminal, where the response message of the detection request carries the security setting information, and the security setting information is used to instruct the terminal to send a cross- Domain access request.
  • the edge server in the content distribution network intercepts and responds to the detection request from the terminal browser, and the response message returned to the terminal carries security setting information to instruct the terminal to send cross-domain access. request, it can avoid the detection request returning to the source, thereby reducing the delay caused by the detection request returning to the origin, reducing the user waiting time and improving the user experience. It also avoids the problem of being difficult to locate when there is a problem with the services brought by the unified interface path of the gateway on the source server side.
  • the method further includes: receiving the cross-domain access request sent by the terminal, the header of the cross-domain access request being set based on the security setting information;
  • the source server forwards the cross-domain access request; receives and forwards a response message to the cross-domain access request to the terminal.
  • the response message returned by the edge server to the terminal carries security setting information.
  • the terminal can determine whether to send a cross-domain access request based on the security setting information.
  • the security setting information includes one or more of the following fields: a credentials field indicating whether cross-domain access is allowed; a headers field indicating whether cross-domain access is allowed; The headers field indicates the request headers that can be carried by the cross-domain access request; the resource access domain origin field indicates the front-end domain name that is allowed to be accessed; the access method methods field indicates the access methods that are allowed to be used.
  • the cross-domain access method provided by this application can determine the specific fields included in the security setting information according to the actual application scenario.
  • the security setting information includes the credentials field, headers field, origin field and methods field.
  • the method before returning the response message of the detection request to the terminal, the method further includes: setting the response of the response message of the detection request according to the security setting information. head.
  • determining the security setting information of the source server corresponding to the cross-domain access based on the detection request includes: based on the header information of the detection request and the cross-domain access The list identifies the security settings information.
  • the edge server can preset a cross-domain access list, which can be set and maintained by developers, or the cross-domain access list can be obtained through other methods and stored in the edge server.
  • the cross-domain access list includes an access relationship between pairs of domain names that are allowed to be accessed; the cross-domain access list is set according to the header information of the detection request and the cross-domain access list.
  • the information includes: if the access relationship between the source domain name and the destination domain name of the cross-domain access is stored in the cross-domain access list, setting the credentials field in the cross-domain information to allow.
  • the cross-domain access method provided by this application determines the source domain name and destination domain name of cross-domain access according to the header information of the detection request, as well as the access relationship. For example, the first domain name accesses the second domain name, and then searches in the cross-domain access list. If it matches, set the credentials field to allow.
  • the intercepting the cross-domain access detection request sent by the terminal includes: receiving the first Hypertext Transfer Protocol http request sent by the terminal; if the first http request If the request method is options request, intercept the first http request.
  • the edge server can judge based on the request method of the http request, intercept options requests, and allow other request methods such as post requests. This allows detection requests to be intercepted and cross-domain access requests to return to the source normally.
  • a second aspect of the present application provides a CDN edge server.
  • the server includes: an interception module, configured to intercept a detection request for cross-domain access sent by a terminal; and a determination module, configured to determine the cross-domain access based on the detection request. Access the security setting information of the corresponding source server; a transceiver module configured to return a response message of the detection request to the terminal, where the response message of the detection request carries the security setting information, and the security setting information is used to indicate Said end
  • the client sends a cross-domain access request.
  • the transceiver module is further configured to: receive the cross-domain access request sent by the terminal, and the header of the cross-domain access request is set based on the security setting information. ; Forward the cross-domain access request to the source server; receive and forward the response message of the cross-domain access request to the terminal.
  • the security setting information includes one or more of the following fields: an identity credentials field indicating whether cross-domain access is allowed; a headers field indicating whether cross-domain access is allowed; The headers field indicates the request headers that can be carried by the cross-domain access request; the resource access domain origin field indicates the front-end domain name that is allowed to be accessed; the access server methods field indicates the access server that is allowed to be used.
  • the server further includes: a setting module configured to set the security setting information according to the security setting information before returning the response message of the detection request to the terminal.
  • the response header of the response message of the probe request is configured to set the security setting information according to the security setting information before returning the response message of the detection request to the terminal.
  • the determination module is specifically configured to determine the security setting information according to the header information of the detection request and the cross-domain access list.
  • the cross-domain access list includes an access relationship between pairs of domain names that are allowed to be accessed; the setting module is specifically configured to: if the source domain name of the cross-domain access and If the access relationship of the destination domain name is stored in the cross-domain access list, then the credentials field in the cross-domain information is set to allow.
  • the transceiver module is further configured to: receive the first Hypertext Transfer Protocol http request sent by the terminal; the interception module is specifically configured to: if the first If the request server of the http request is an options request, the first http request will be intercepted.
  • this application provides a CDN edge server, including: one or more processors and a memory; wherein computer-readable instructions are stored in the memory; and the one or more processors read the Computer readable instructions to cause the CDN edge server to execute the method described in any one of the above first aspect and various possible implementations.
  • a fourth aspect of the present application provides a computer program product containing instructions that, when run on a computer, cause the computer to execute the method described in any one of the above first aspect and various possible implementations.
  • the fifth aspect of the present application provides a computer-readable storage medium, including instructions.
  • the instructions When the instructions are run on a computer, they cause the computer to execute the method described in any one of the above-mentioned first aspect and various possible implementations. method.
  • a sixth aspect of this application provides a chip including a processor.
  • the processor is used to read and execute the computer program stored in the memory to perform the method in any possible implementation of any of the above aspects.
  • the chip should include a memory, and the memory and the processor are connected to the memory through circuits or wires.
  • the chip also includes a communication interface, and the processor is connected to the communication interface.
  • the communication interface is used to receive data and/or information that needs to be processed.
  • the processor obtains the data and/or information from the communication interface, processes the data and/or information, and outputs the processing results through the communication interface.
  • the communication interface may be an input-output interface.
  • the cross-domain access method and CDN edge server provided by this application can block detection requests from terminal browsers. After intercepting the response, the response message returned to the terminal carries security setting information, which is used to instruct the terminal to send a cross-domain access request, which can avoid the detection request returning to the origin, thereby reducing the delay caused by the detection request returning to the origin, and can reduce User waiting time improves user experience. It also avoids the problem of being difficult to locate when there is a problem with the services brought by the unified interface path of the gateway on the source server side.
  • Figure 1 is an application scenario architecture diagram of the cross-domain access method provided by the embodiment of this application.
  • Figure 2 is a schematic diagram of the existing cross-domain access method
  • Figure 3 is a schematic diagram of an embodiment of the cross-domain access method in the embodiment of the present application.
  • Figure 4 is a schematic diagram of another embodiment of the cross-domain access method in the embodiment of the present application.
  • FIG. 5 is a schematic diagram of an embodiment of the CDN edge server in the embodiment of this application.
  • Figure 6 is a schematic diagram of another embodiment of the CDN edge server in the embodiment of the present application.
  • This application provides a cross-domain access method and content distribution network edge server, which can reduce user waiting time and improve user experience.
  • CDN Content delivery network
  • CDN is an intelligent virtual network built on the existing network. It relies on edge servers deployed in various places and uses the load balancing, content distribution, scheduling and other functional modules of the central platform to enable users to obtain the content they need nearby and reduce network congestion. Improve user access response speed and hit rate.
  • Cross-domain problems originate from the browser's same-origin policy, which is a security policy built into the browser.
  • the so-called same-origin means that the protocol, domain name, and port are all the same.
  • a detection request will be attached. If the same-origin policy specified in the response message of the detection request is not met, the operation will be blocked by the browser.
  • the standard solution to solve the same origin problem is cross-domain resource sharing.
  • Cross-origin resource sharing checks whether the server will allow the real request to be sent through the "preflight" mechanism, which uses the browser to initiate a preflight request (or probe request) to the cross-domain resource hosted by the server.
  • preflight the headers sent by the browser are marked with HTTP methods and headers used in real cross-domain requests.
  • the scene architecture includes: terminal 100, CDN edge server 200 and origin server 300.
  • the terminal 100 is directly connected to the CDN edge server 200 through a communication network, and the CDN edge server 200 is directly connected or relayed to the origin server 300 .
  • the physical distance between the CDN edge server 200 and the origin server 300 is relatively long, and they are often connected through dedicated lines to reduce transmission delays.
  • the terminal 100 includes various forms of user terminals, such as mobile phones, personal computers, tablets, wearable devices and other network devices.
  • the terminal browser when the terminal browser discovers a non-original request (i.e., a cross-domain request), because it does not meet the same-origin policy, the browser will be triggered to send a CORS detection request to check whether the origin server will allow the request to be sent.
  • a non-original request i.e., a cross-domain request
  • the browser will be triggered to send a CORS detection request to check whether the origin server will allow the request to be sent.
  • Real cross-domain request Real cross-domain request.
  • the terminal sends a detection request to the source server.
  • the source server returns a response message of the detection request to the terminal.
  • the terminal sends a cross-domain access request to the source server.
  • the source server returns a response message of the cross-domain access request to the terminal.
  • the terminal browser needs to go through two back-to-origin requests to obtain cross-domain resources. Since the detection request adds a request interaction from the browser to the origin site, it greatly affects the cross-site Interface access performance.
  • embodiments of the present application provide a cross-domain access method and network device to improve cross-domain access performance and user experience.
  • the content distribution network CDN edge server intercepts the detection request for cross-domain access sent by the terminal. For requests sent by the terminal, the CDN edge server can intercept based on the type of access method in the request.
  • the access method can be various types of HTTP methods.
  • HTTP methods include HEAD, GET, POST, PUT, DELETE, PATCH, or OPTIONS, etc.
  • OPTIONS OPTIONS
  • the CDN edge server receives the first Hypertext Transfer Protocol http request sent by the terminal. If the CDN edge server determines that the access method is OPTIONS, it intercepts the request. If the access method is not OPTIONS, For example, POST requests are not intercepted and continue to request the source server according to the original path. The header of this probe request is marked with the http method and request header in cross-domain access. This probe request is used to check whether the source server will allow subsequent cross-domain access.
  • the CDN edge server determines the security setting information of the source server corresponding to the cross-domain access according to the detection request;
  • the credentials field indicates whether cross-domain access is allowed
  • the headers field indicates the request headers that can be carried for cross-domain access
  • the CDN edge server determines the credentials field, headers field, origin field and methods field.
  • the CDN edge server can also set other fields, such as the validity time of the security setting information.
  • the CDN edge server stores a cross-domain access list, including access relationships between domain name pairs that are allowed to be accessed.
  • the CDN edge server sets security setting information based on the detection request and the cross-domain access list.
  • the detection request may carry the first domain name corresponding to the page displayed by the terminal browser, such as aa.com, and the second domain name corresponding to the page resources required to display the page, such as: bb.aa.com. If the access relationship between aa.com and bb.aa.com is stored in the cross-domain access list, the CDN edge server security setting information is:
  • Access-Control-Allow-Credentials if true, indicates that cross-domain is allowed
  • Access-Control-Allow-Headers such as Content-Type, app id, user id;
  • Access-Control-Allow-Origin such as aa.com
  • the CDN edge server returns a response message to the detection request to the terminal.
  • the response message to the detection request carries security setting information.
  • the security setting information is used to instruct the terminal to send a cross-domain access request.
  • the CDN edge server sets the response header of the response message based on the security setting information determined in step S302, and sends the response message to the terminal.
  • the CDN edge server can obtain the cross-domain access request sent by the subsequent terminal and forward it to the origin server, and forward the resources returned by the origin server to the terminal to complete the request call of https://bb.aa.com/xxx.
  • the specific implementation process can refer to the existing technology, which is briefly introduced below:
  • the terminal makes a conditional judgment based on the security setting information carried in the response message returned by the CDN edge server. If the cross-domain request meets the requirements of the security setting information, the terminal can continue to initiate a cross-domain access request. If there are one or more security setting information If the conditions corresponding to the fields are not met, the terminal browser will not continue to initiate cross-domain access requests.
  • cross-domain access requests with different interface paths (for example, https://bb.aa.com/yyy)
  • the browser will initiate an OPTIONS request again, and the CDN edge server will process it based on the aforementioned cross-domain method. Since cross-domain access requests display the actual request path, this avoids the difficulty of locating business problems.
  • the edge server in the content distribution network intercepts and responds to the detection request from the terminal browser, and the response message returned to the terminal carries security setting information to instruct the terminal to send cross-domain access. request, it can avoid the detection request returning to the source, thereby reducing the delay caused by the detection request returning to the origin, reducing the user waiting time and improving the user experience. It also avoids the problem of being difficult to locate when there is a problem with the services brought by the unified interface path of the gateway on the source server side.
  • this embodiment of the present application proposes a cross-domain access method 400.
  • the method 400 can be applied to the scenario shown in Figure 1, where the content distribution network CDN edge server is equivalent to the CDN edge server 200 shown in Figure 1, and the terminal is equivalent to the terminal 100 shown in Figure 1.
  • the method 400 includes Steps 401-404.
  • the terminal sends a detection request to the CDN edge server.
  • the terminal browser displays the page in response to the user's request.
  • the page to be displayed in domain name A refers to the page resources of domain name B.
  • some resources cannot be deployed on the CDN edge server due to various reasons, but are located on the source server.
  • the browser needs to cross-site obtain resources located on the origin server.
  • browsers do not allow cross-domain calls to resources under other domain names.
  • programs under the aa.com domain name cannot directly obtain resources under the bb.aa.com domain name.
  • the CORS mechanism can be used to solve cross-domain access problems. This solution is implemented based on the CORS mechanism.
  • a CORS detection request is triggered.
  • the request method of the detection request is an OPTIONS request.
  • the request header of the OPTIONS request carries information about the aa.com domain name and the bb.aa.com domain name.
  • the CDN edge server returns a response message of the detection request to the terminal.
  • the CDN edge server receives various http requests sent by the terminal. If it is determined based on the request header that the request method of the http request is an OPTIONS request, the request will be intercepted, that is, the request will not be forwarded to the source server. Forward the request.
  • the CDN edge server sets response headers according to the preset security setting information for all intercepted OPTIONS requests, and returns a response message of the detection request to the terminal.
  • Access-Control-Allow-Credentials indicates that the https://bb.aa.com/ domain name allows cross-domain access;
  • Access-Control-Allow-Headers which is Content-Type, appid, and userid, indicates that the request header of cross-domain requests can only contain three values: Content-Type, appid, and userid;
  • Access-Control-Allow-Origin which is https://aa.com, means that https://aa.com is allowed to access the interface under the domain name https://bb.aa.com/ across domains;
  • Access-Control-Allow-Methods which is POST, PUT, GET, OPTIONS or DELETE, indicates that the access method that restricts cross-domain access requests can only be: POST, PUT, GET, OPTIONS or DELETE.
  • the CDN edge server determines the security setting information corresponding to the preset bb.aa.com domain name based on the information of the aa.com domain name and the bb.aa.com domain name carried in the request header of the OPTIONS request. , based on the security setting information, set the response header of the response message of the detection request, and return the response message of the detection request to the terminal.
  • the terminal sends a cross-domain access request to the source server.
  • the source server returns the response message of the cross-domain access request to the terminal.
  • steps 403 to 404 are consistent with the existing methods and will not be described again here.
  • the server includes: an interception module 501, used to intercept the cross-domain access detection request sent by the terminal; a determination module 502, used to determine the cross-domain access corresponding to the detection request.
  • the security setting information of the source server; the transceiver module 503 is configured to return a response message of the detection request to the terminal, the response message of the detection request carries the security setting information, and the security setting information is used to indicate the The above terminal sends a cross-domain access request.
  • the transceiver module 503 is further configured to: receive the cross-domain access request sent by the terminal, the header of the cross-domain access request being set based on the security setting information; The source server forwards the cross-domain access request; receives and forwards a response message of the cross-domain access request to the terminal.
  • the security setting information includes one or more of the following fields: identity credentials field, the credentials field indicates whether cross-domain access is allowed; headers field, the headers field indicates The cross-domain access request can carry a request header; a resource access domain origin field, the origin field indicates the front-end domain name that is allowed to be accessed; and the access server methods field, the methods field indicates the access server that is allowed to be used.
  • the server further includes: a setting module 504, configured to set the value of the detection request according to the security setting information before returning the response message of the detection request to the terminal. Response headers of the response message.
  • the determination module 502 is specifically configured to determine the security setting information according to the header information of the detection request and the cross-domain access list.
  • the cross-domain access list includes an access relationship between pairs of domain names that are allowed to be accessed; the setting module 504 is specifically used to: if the source domain name and destination domain name of the cross-domain access are If the access relationship is stored in the cross-domain access list, then the credentials field in the cross-domain information is set to allow.
  • the transceiver module 503 is also used to: receive the first Hypertext Transfer Protocol http request sent by the terminal; the interception module 501 is specifically used to: if the first http request If the request server is an options request, it intercepts the first http request.
  • each unit of the bus node is only a division of logical functions. In actual implementation, it can be fully or partially integrated into a physical entity, or it can be physically separated. And these units can all be implemented in the form of software calling through processing elements; they can also all be implemented in the form of hardware; some units can also be implemented in software through processing elements. It is implemented in the form of management component calls, and some units are implemented in the form of hardware.
  • the above units may be one or more integrated circuits configured to implement the above methods, such as: one or more application specific integrated circuits (ASICs), or one or more microprocessors (digital signal processor, DSP), or one or more field programmable gate arrays (field programmable gate array, FPGA), etc.
  • ASICs application specific integrated circuits
  • DSP digital signal processor
  • FPGA field programmable gate array
  • the processing element can be a general-purpose processor, such as a central processing unit (CPU) or other processors that can call programs.
  • CPU central processing unit
  • these units can be integrated together and implemented in the form of a system-on-a-chip (SOC).
  • Figure 6 is a schematic diagram of another embodiment of the CDN edge server in the embodiment of the present application.
  • the CDN edge server provided in this embodiment may be a physical device or a virtual device deployed on the physical device.
  • the node is a virtual device, multiple nodes can be hosted on the same physical device.
  • the physical device may be a physical server, a workstation, a mobile station, a general-purpose computer, etc., and its specific device form is not limited in the embodiments of this application.
  • the CDN edge server 600 may vary greatly due to different configurations or performance, and may include one or more processors 601 and memory 602, with programs or data stored in the memory 602.
  • the memory 602 can be volatile storage or non-volatile storage.
  • the processor 601 is one or more central processing units (CPUs), which may be single-core CPUs or multi-core CPUs.
  • the processor 601 can communicate with the memory 602 and execute a series of instructions in the memory 602 on the CDN edge server 600.
  • the CDN edge server 600 also includes one or more wired or wireless network interfaces 603, such as an Ethernet interface.
  • the CDN edge server 600 may also include one or more power supplies; one or more input and output interfaces, which may be used to connect a monitor, mouse, keyboard, touch screen device or transmission device. Sensing equipment, etc., the input and output interfaces are optional components, which may or may not exist, and are not limited here.
  • the process executed by the processor 601 in the CDN edge server 600 can refer to the method process described in the foregoing method embodiment, and will not be described again here.
  • the disclosed systems, devices and methods can be implemented in other ways.
  • the device embodiments described above are only illustrative.
  • the division of the units is only a logical function division. In actual implementation, there may be other division methods.
  • multiple units or components may be combined or can be integrated into another system, or some features can be ignored, or not implemented.
  • the coupling or direct coupling or communication connection between each other shown or discussed may be through some interfaces, and the indirect coupling or communication connection of the devices or units may be in electrical, mechanical or other forms.
  • the units described as separate components may or may not be physically separated, and the components shown as units may or may not be physical units, that is, they may be located in one place, or they may be distributed to multiple network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of this embodiment.
  • each functional unit in each embodiment of the present application can be integrated into one processing unit, each unit can exist physically alone, or two or more units can be integrated into one unit.
  • the above integrated units can be implemented in the form of hardware or software functional units.
  • the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium.
  • the technical solution of the present application is essentially or contributes to the existing technology, or all or part of the technical solution can be embodied in the form of a software product, and the computer software product is stored in a storage medium , including several instructions to cause a computer device (which may be a personal computer, a server, or a network device, etc.) to execute all or part of the steps of the methods described in various embodiments of this application.
  • the aforementioned storage media include: U disk, mobile hard disk, read-only memory (ROM), random access memory (RAM), magnetic disk or optical disk and other media that can store program code. .

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Des modes de réalisation de la présente demande divulguent un procédé d'accès inter-domaine et un serveur de périphérie de réseau de distribution de contenu, destinés à être utilisés pour améliorer les performances d'une interface. Le procédé fourni par les modes de réalisation de la présente demande consiste à : intercepter une demande de détection pour un accès inter-domaine envoyé par un terminal; déterminer, selon la demande de détection, des informations de réglage de sécurité d'un serveur d'origine correspondant à l'accès inter-domaine; et renvoyer un message de réponse à la demande de détection au terminal, le message de réponse à la demande de détection transportant les informations de réglage de sécurité et les informations de réglage de sécurité étant utilisées pour ordonner au terminal d'envoyer une demande d'accès inter-domaine. Le serveur de périphérie intercepte la demande de détection provenant d'un navigateur de terminal et y répond, de telle sorte que le retard temporel provoqué par le retour à l'origine de la demande de détection peut être raccourci, le temps d'attente d'un utilisateur peut être raccourci et l'expérience d'utilisateur peut être améliorée.
PCT/CN2023/095917 2022-05-31 2023-05-24 Procédé d'accès inter-domaine et serveur de périphérie de réseau de distribution de contenu WO2023231848A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202210609390.7A CN117201049A (zh) 2022-05-31 2022-05-31 跨域访问方法和内容分发网络边缘服务器
CN202210609390.7 2022-05-31

Publications (1)

Publication Number Publication Date
WO2023231848A1 true WO2023231848A1 (fr) 2023-12-07

Family

ID=88983719

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2023/095917 WO2023231848A1 (fr) 2022-05-31 2023-05-24 Procédé d'accès inter-domaine et serveur de périphérie de réseau de distribution de contenu

Country Status (2)

Country Link
CN (1) CN117201049A (fr)
WO (1) WO2023231848A1 (fr)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2004040164A (ja) * 2002-06-28 2004-02-05 Nifty Corp アクセス制限情報管理装置、動作条件設定プログラム及びインターネット利用機器
CN103139301A (zh) * 2013-02-05 2013-06-05 华南师范大学 应用于内容分发网络系统中的互联网访问加速方法及装置
US20150143223A1 (en) * 2013-11-15 2015-05-21 Instart Logic, Inc. Method to enable cross-origin resource sharing from a webpage inside a private network
CN105357190A (zh) * 2015-10-26 2016-02-24 网宿科技股份有限公司 访问请求鉴权的方法及系统

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2004040164A (ja) * 2002-06-28 2004-02-05 Nifty Corp アクセス制限情報管理装置、動作条件設定プログラム及びインターネット利用機器
CN103139301A (zh) * 2013-02-05 2013-06-05 华南师范大学 应用于内容分发网络系统中的互联网访问加速方法及装置
US20150143223A1 (en) * 2013-11-15 2015-05-21 Instart Logic, Inc. Method to enable cross-origin resource sharing from a webpage inside a private network
CN105357190A (zh) * 2015-10-26 2016-02-24 网宿科技股份有限公司 访问请求鉴权的方法及系统

Also Published As

Publication number Publication date
CN117201049A (zh) 2023-12-08

Similar Documents

Publication Publication Date Title
US10965772B2 (en) Interface invocation method and apparatus for hybrid cloud
CN109561141B (zh) 一种cdn节点的选择方法及设备
WO2020057163A1 (fr) Procédé et dispositif de déploiement d'une plate-forme mec
EP2633667A2 (fr) Système et procédé de conversion de protocole à la volée dans l'obtention d'informations de mise en application de politique
US20130318173A1 (en) Automatically replacing localhost as hostname in url with fully qualified domain name or ip address
CN109413069B (zh) 基于区块链的虚拟网站防火墙的应用方法及装置
WO2020125074A1 (fr) Procédé et dispositif de détermination de taux d'arrivée de messages, serveur de statistiques de données et support de stockage
JP7462757B2 (ja) ネットワークセキュリティ保護方法及び保護デバイス
WO2021042815A1 (fr) Procédé et appareil de capture de code de statut de réacheminement http et dispositif informatique
US11818200B2 (en) Hybrid cloud computing network management with synchronization features across different cloud service providers
US11743319B2 (en) Implementing a queuing system in a distributed network
CN109889468B (zh) 网络数据的传输方法、系统、装置、设备及存储介质
CN110290030A (zh) 网络状态检测方法、装置、电子设备及计算机可读介质
WO2014094240A1 (fr) Méthode, dispositif et système d'interaction d'application internet
CN109495362B (zh) 一种接入认证方法及装置
WO2023231848A1 (fr) Procédé d'accès inter-domaine et serveur de périphérie de réseau de distribution de contenu
WO2023011233A1 (fr) Procédé et appareil de gestion de trafic, dispositif et support de stockage lisible par ordinateur
EP2701068B1 (fr) Système d'accès réseau
US20230188545A1 (en) Adaptive Online Services Access Control
EP4338409A2 (fr) Passerelle tierce de sécurité et de confidentialité
JP6563872B2 (ja) 通信システム、および、通信方法
US11838328B1 (en) Preventing data exfiltration to unsanctioned cloud computing services (CCS) accounts using CCS application programming interfaces
US20230412572A1 (en) Securing metrics in a service mesh
CN111049754B (zh) 数据通信方法、装置、设备和计算机可读存储介质
US20230188546A1 (en) Adaptive Online Service Access Control

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 23815032

Country of ref document: EP

Kind code of ref document: A1