跨域問題有前臺跨域（iframe間）和后臺跨域。

前臺跨域的解決方案可以采用跨域文檔通訊（Cross domain message）

詳細見: http://www.cnblogs.com/rainman/archive/2011/02/20/1959325.html

后臺跨域解決方案采用跨域資源共享（CORS：Cross-origin resource sharing）

理論方面詳見阮老師的博客：http://www.ruanyifeng.com/blog/2016/04/cors.html

Java 后臺處理CORS代碼示例：

package filters;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Servlet Filter implementation class CORSFilter
 */
@WebFilter("/*")
public class CORSFilter implements Filter {

    /**
     * Default constructor. 
     */
    public CORSFilter() {
    // TODO Auto-generated constructor stub
    }

    /**
     * @see Filter#destroy()
     */
    public void destroy() {
        // TODO Auto-generated method stub
    }

    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletResponse response = (HttpServletResponse) servletResponse;
//      HttpServletRequest request = (HttpServletRequest) servletRequest;
        // 指定允許其他域名訪問
        response.setHeader("Access-Control-Allow-Origin", "*");
        // 響應類型
        response.setHeader("Access-Control-Allow-Methods", "POST, GET, DELETE, OPTIONS, DELETE");
        // 響應頭設置
        response.setHeader("Access-Control-Allow-Headers", "Content-Type, x-requested-with, X-Custom-Header, HaiYi-Access-Token");
            // if ("OPTIONS".equals(request.getMethod())){
            // // response.setStatus(HttpStatus.SC_NO_CONTENT);
            // }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /**
     * @see Filter#init(FilterConfig)
     */
    public void init(FilterConfig fConfig) throws ServletException {
        // TODO Auto-generated method stub
    }

}

NodeJS CORS 處理代碼

//創(chuàng)建一個服務
var httpServer = http.createServer(processRequest);

//在指定的端口監(jiān)聽服務
httpServer.listen(port,function(){
    console.log("[HttpServer][Start]","runing at http://"+ip+":"+port+"/");
    console.timeEnd("[HttpServer][Start]");
});

httpServer.on("error", function(error) {
    console.error(error);
});

/**
 * 請求處理
 * @param request
 * @param response
 */
function processRequest(request,response){
    var requestUrl = request.url;
    var pathName = url.parse(requestUrl).pathname;

    //對請求的路徑進行解碼，防止中文亂碼
    pathName = decodeURI(pathName);

    //獲取資源文件的相對路徑
    var filePath = "public" + pathName;

    filePath = path.join(projectPath, filePath);

    //獲取對應文件的文檔類型
    var contentType = getContentType(filePath);

    console.log(contentType);
    console.log(filePath);

    response.setHeader("content-type", contentType);
    response.setHeader('Access-Control-Allow-Origin', '*');
    response.setHeader('Access-Control-Allow-Credentials', true);

    //如果文件名存在
    fs.access(filePath, function(err){
        if(!err){
            fs.readFile(filePath, 'utf-8', function(err, bytes){
                //讀取失敗
                if(err){
                    response.write(getErrorJson(`讀取${pathName}文件失敗！`));
                    response.end();
                    throw new Error("讀取文件失敗");
                }

                //返回文件內(nèi)容
                var data = JSON.parse(bytes);
                response.write(JSON.stringify(data));
                response.end();
            });

        }else { //文件名不存在的情況
            response.write(JSON.stringify(getErrorJson(`${pathName}文件不存在！`)));
            response.end();
        }
    });
}