JavaScript 权限被拒绝。如何允许受信任域之间的跨域脚本?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/3175006/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
JavaScript permission denied. How to allow cross domain scripting between trusted domains?
提问by HVS
We have a .net based application hosted with SAP enterprise portal iframes. The domain of the SAP portal is al.xx.companyname.com. The domain of the .Net application server is ss.xx.companyname.com.
我们有一个基于 .net 的应用程序,由 SAP 企业门户 iframe 托管。SAP 门户的域是al.xx.companyname.com。.Net 应用服务器的域是ss.xx.companyname.com。
Now when I open the application through Enterprise portal, I get a 'Permission denied' JavaScript error. I enabled script debugging in IE and then attached visual studio debugger to the JavaScript error. I noticed the error is thrown from the following JavaScript code to set/ reset dirty flags.
现在,当我通过企业门户打开应用程序时,出现“权限被拒绝”JavaScript 错误。我在 IE 中启用了脚本调试,然后将 Visual Studio 调试器附加到 JavaScript 错误。我注意到错误是从以下 JavaScript 代码中抛出的,用于设置/重置脏标志。
if(top.EPCM!=null)
Understandably the issue is due to cross domain scripting. i.e. the application server of ss.xx.companyname.com is trying to access the browser component of enterprise portal of domain al.xx.companyname.com.
可以理解,这个问题是由于跨域脚本。即ss.xx.companyname.com的应用服务器正在尝试访问域al.xx.companyname.com的企业门户的浏览器组件。
However this cross scripting is a trusted domain scripting and I want to somehow allow this cross scripting. I tried to set the primary DNS suffix of the application server. by following the below approach.
然而,这种交叉脚本是受信任的域脚本,我想以某种方式允许这种交叉脚本。我尝试设置应用服务器的主 DNS 后缀。通过遵循以下方法。
- Right click on My computer of application server. (Windows 2003 server, by the way)
- select properties - Computer Name
- Click Change button and in the next window click More button
- And under the'Primary DNS suffix of this computer' textbox, I entered the value - al.xx.companyname.com.
- 右键单击应用程序服务器的我的电脑。(顺便说一下,Windows 2003 服务器)
- 选择属性 - 计算机名称
- 单击更改按钮,然后在下一个窗口中单击更多按钮
- 在“这台计算机的主 DNS 后缀”文本框下,我输入了值 - al.xx.companyname.com。
Now after the above settings, I assume the domains of both enterprise portal and application server will be taken as al.xx.companyname.com. However I am still getting the JavaScript permission denied error in the same JavaScript code mentioned above.
现在经过上述设置,我假设企业门户和应用服务器的域都将被视为al.xx.companyname.com。但是,我仍然在上面提到的相同 JavaScript 代码中收到 JavaScript 权限被拒绝错误。
As suggested in the replies, I also implemented document.domain approach.
正如回复中所建议的,我还实现了 document.domain 方法。
var requireddomain = 'al.xx.companyname.com';
var text = document.domain; //returns the domain as ss.xx.companyname.com
if (text != requireddomain)
{
for (i=0; i < 2; i++)
{
dotposition = text.indexOf( "." );
text = text.substr(dotposition +1);
}
document.domain = text;
}
if(top.EPCM!=null)
With the above code, the document.domain object is set as companyname.comwhich is common to both Enterprise portal and application server. However still the permission denied issue is thrown in the line >> if(top.EPCM!=null)
通过上面的代码,document.domain 对象被设置为companyname.com,这对企业门户和应用程序服务器都是通用的。然而,仍然在行中抛出权限被拒绝的问题 >> if(top.EPCM!=null)
This issue is breaking my head for past 3 days. Can someone please help me with this? The objective is to allow cross domain scripting between application server and enterprise portal which is a trusted connection. Thanks.
这个问题在过去的 3 天里让我头疼。有人可以帮我解决这个问题吗?目标是允许应用服务器和企业门户之间的跨域脚本编写,这是一个受信任的连接。谢谢。
Update:
更新:
Interesting & frustrating development. I have installed ssl certificates in my application server. And still the permission denied error is thrown.
有趣和令人沮丧的发展。我已经在我的应用程序服务器中安装了 ssl 证书。并且仍然抛出权限被拒绝错误。
- Portal domain: al.xx.companyname.com
- app domain: ss.xx.companyname.com
- 门户域名:al.xx.companyname.com
- 应用域:ss.xx.companyname.com
I was trying to set the document.domain property to 2 sublevels down, i.e to companyname.com.
我试图将 document.domain 属性设置为 2 个子级别,即 companyname.com。
But still the 'permission denied error' occurs.
但仍然发生“权限被拒绝错误”。
I guess, the setting of document.domain will only work if the app domain is a subset of portal domain. i.e.
我想,只有当应用程序域是门户域的子集时,document.domain 的设置才会起作用。IE
- portal domain: al.xx.companyname.com
- App domain: ss.al.xx.companyname.com.
- 门户域名:al.xx.companyname.com
- 应用域:ss.al.xx.companyname.com。
In the above case, I can just reduce the app domain to one sublevel down (to al.xx.companyname.com). Then I guess, it would work.
在上述情况下,我可以将应用程序域减少到一个子级别(到 al.xx.companyname.com)。然后我想,它会起作用。
However in my case the portal and app servers are 2 branched subdomains of the same companyname.com and hence cross scripting is still not allowed.
但是,在我的情况下,门户和应用程序服务器是同一个 companyname.com 的 2 个分支子域,因此仍然不允许跨脚本。
Any suggestions on how to proceed?
有关如何进行的任何建议?
回答by Pekka
The Same Origin Policy is probably so strict that it doesn't make exceptions even with trusted sites.
同源策略可能非常严格,即使是受信任的站点也不例外。
The cross-browser document.domainproperty should be able to solve this:
跨浏览器document.domain属性应该可以解决这个问题:
There is one exception to the same origin rule. A script can set the value of document.domain to a suffix of the current domain. If it does so, the shorter domain is used for subsequent origin checks. For example, assume a script in the document at http://store.company.com/dir/other.htmlexecutes the following statement:
document.domain = "company.com";
同源规则有一个例外。脚本可以将 document.domain 的值设置为当前域的后缀。如果是这样,较短的域将用于后续的源检查。例如,假设http://store.company.com/dir/other.html文档中的脚本执行以下语句:
document.domain = "company.com";
