javascript 如何进行跨域请求
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/17874730/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to make cross domain request
提问by VB_
As you know, the security of the web browser disallows making of cross domain requests. I read a book which says that you should use XMLHTTPRequest only if you can put the files on the server (means put the page you will load to the same requested domain). If you can't - you should search for an alternative.
如您所知,Web 浏览器的安全性不允许进行跨域请求。我读过一本书,它说只有当您可以将文件放在服务器上时才应该使用 XMLHTTPRequest(意味着将您将加载的页面放在同一个请求域中)。如果你不能 - 你应该寻找替代品。
My questions are:
我的问题是:
- What is the cross domain alternative to XMLHTTPRequest?
- What about WebSockets? Does this technology allow cross domain request?
- XMLHTTPRequest 的跨域替代方案是什么?
- WebSockets怎么样?这项技术是否允许跨域请求?
EDIT:It still isn't clear to me...
编辑:我仍然不清楚......
For example, I pull my page from www.domain1.comand I need to request javascript from www.domain2.com. So the pulled page should include something like:
例如,我从www.domain1.com拉出我的页面,我需要从www.domain2.com请求 javascript 。所以拉出的页面应该包括以下内容:
<script src="www.domain2.com/script.js"></script>
to avoid cross domain restrictions.
避免跨域限制。
And I can use JSONP, and request will look like: http://ww.domain1.com/?callback=someFunction.js
我可以使用 JSONP,请求将如下所示:http://ww.domain1.com/?callback=someFunction.js
But: isn't it the same? I just pull js from another domain! Does it avoid cross domain restrictions?
但是:不一样吗?我只是从另一个域中提取 js!它是否避免了跨域限制?
回答by leggetter
You can make cross domain requests using the XMLHttpRequestobject. This is done using something called "Cross Origin Resource Sharing". See:
http://en.wikipedia.org/wiki/Cross-origin_resource_sharing
您可以使用该XMLHttpRequest对象进行跨域请求。这是使用称为“跨源资源共享”的东西完成的。请参阅:http:
//en.wikipedia.org/wiki/Cross-origin_resource_sharing
Very simply put, when the request is made to the server the server can respond with a Access-Control-Allow-Originheader which will either allow or deny the request. The browser needs to check this header and if it is allowed then it will continue with the request process. If not the browser will cancel the request.
简而言之,当向服务器发出请求时,服务器可以使用一个Access-Control-Allow-Origin标头进行响应,该标头将允许或拒绝该请求。浏览器需要检查此标头,如果允许,它将继续请求过程。如果不是,浏览器将取消请求。
You can find some more information and a working example here: http://www.leggetter.co.uk/2010/03/12/making-cross-domain-javascript-requests-using-xmlhttprequest-or-xdomainrequest.html
您可以在此处找到更多信息和工作示例:http: //www.leggetter.co.uk/2010/03/12/making-cross-domain-javascript-requests-using-xmlhttprequest-or-xdomainrequest.html
JSONP is an alternative solution, but you could argue it's a bit of a hack.
JSONP 是一种替代解决方案,但您可能会说它有点像黑客。
回答by Arun Bertil
Do a cross-domain AJAX call
进行跨域 AJAX 调用
Your web-service must support method injection in order to do JSONP.
您的 Web 服务必须支持方法注入才能执行 JSONP。
Your code seems fine and it should work if your web services and your web application hosted in the same domain.
您的代码看起来不错,如果您的 Web 服务和您的 Web 应用程序托管在同一域中,它应该可以工作。
When you do a $.ajax with dataType: 'jsonp' meaning that jQuery is actually adding a new parameter to the query URL.
当您使用 dataType: 'jsonp' 执行 $.ajax 时,意味着 jQuery 实际上正在向查询 URL 添加一个新参数。
For instance, if your URL is http://10.211.2.219:8080/SampleWebService/sample.dothen jQuery will add ?callback={some_random_dynamically_generated_method}.
例如,如果您的 URL 是http://10.211.2.219:8080/SampleWebService/sample.do那么 jQuery 将添加 ?callback={some_random_dynamically_generated_method}。
This method is more kind of a proxy actually attached in window object. This is nothing specific but does look something like this:
这种方法更像是一个实际附加在 window 对象中的代理。这没什么特别的,但看起来像这样:
window.some_random_dynamically_generated_method = function(actualJsonpData) {
//here actually has reference to the success function mentioned with $.ajax
//so it just calls the success method like this:
successCallback(actualJsonData);
}
Check the following for more information
检查以下以获取更多信息
回答by Tarek Jellali
If you're willing to transmit some data and that you don't need to be secured (any public infos) you can use a CORS proxy, it's very easy, you'll not have to change anything in your code or in server side (especially of it's not your server like the Yahoo API or OpenWeather). I've used it to fetch JSON files with an XMLHttpRequest and it worked fine.
如果您愿意传输一些数据并且不需要保护(任何公共信息),您可以使用 CORS 代理,这非常简单,您无需更改代码或服务器端的任何内容(尤其是它不像 Yahoo API 或 OpenWeather 那样是您的服务器)。我已经用它通过 XMLHttpRequest 获取 JSON 文件,并且运行良好。
