Javascript iframe 中的自动登录远程站点内部
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/11878947/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
auto login remote site inner in iframe
提问by linbo
I have an existing remote site which has Authentication to access, now I want to combine this site in my own site using iframe. Is there any solution which can help to auto login remote site when load the iframe?
我有一个现有的远程站点,可以访问身份验证,现在我想使用 iframe 将此站点合并到我自己的站点中。是否有任何解决方案可以帮助在加载 iframe 时自动登录远程站点?
<iframe src="http://remote.com/list"></iframe>
If want to access http://remote.com/list, login require and only post username/password works. How to auto login when iframe loaded?
如果要访问http://remote.com/list,登录需要并且只发布用户名/密码有效。iframe加载时如何自动登录?
Here are some restriction
这里有一些限制
- login only works with post method
- iframe / javascript has cross domain issue
- no login API provide
- no other modification can do in remote site
- 登录仅适用于 post 方法
- iframe / javascript 有跨域问题
- 没有提供登录API
- 在远程站点无法进行其他修改
回答by Jakub Hubner
Everything's possible. However the solution below is very insecure due to disclosure of access details to the remote page.
一切皆有可能。但是,由于泄露了对远程页面的访问详细信息,以下解决方案非常不安全。
<form id="login" target="frame" method="post" action="http://remote.com/login">
<input type="hidden" name="username" value="login" />
<input type="hidden" name="password" value="pass" />
</form>
<iframe id="frame" name="frame"></iframe>
<script type="text/javascript">
// submit the form into iframe for login into remote site
document.getElementById('login').submit();
// once you're logged in, change the source url (if needed)
var iframe = document.getElementById('frame');
iframe.onload = function() {
if (iframe.src != "http://remote.com/list") {
iframe.src = "http://remote.com/list";
}
}
</script>
The values of usernameand passwordinputs are readable on the client side.
username和password输入的值在客户端是可读的。
回答by pho
Here is my implementation for doing this. This does not solve the cross-domain issue though. For the cross-domain issue, you can try using jQuery's JSONPmethod (I haven't tried combining jQuery with this solution yet).
这是我执行此操作的实现。但这并不能解决跨域问题。对于跨域问题,可以尝试使用 jQuery 的JSONP方法(我还没有尝试过将 jQuery 与此解决方案结合使用)。
<iframe id="MyIFrame" width="400" height="400"></iframe>
<script type="text/javascript">
var iframeURL = 'http://mysite.com/path/applicationPage.aspx';
var iframeID = 'MyIFrame';
function loadIframe(){
//pre-authenticate
var req = new XMLHttpRequest();
req.open("POST",this.iframeURL, false, "username", "password"); //use POST to safely send combination
req.send(null); //here you can pass extra parameters through
//setiFrame's SRC attribute
var iFrameWin = document.getElementById(this.iframeID);
iFrameWin.src = this.iframeURL + "?extraParameters=true";
}
//onload, call loadIframe() function
loadIframe();
</script>
回答by Subir Kumar Sao
If you own the other site then you can try authentication through some token.
如果您拥有其他站点,那么您可以尝试通过一些令牌进行身份验证。
Pass an authorized token to url in the iframe.
将授权令牌传递给 iframe 中的 url。
回答by PhonicUK
Can't be done. Simple as that. The cross domain restrictions are in place quite specifically to stop you from being able to do something like that.
做不到。就那么简单。跨域限制是专门为阻止您执行此类操作而设置的。
