Javascript Internet Explorer 中跨站点请求的访问控制
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/2044684/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Access control for cross site requests in Internet Explorer
提问by Aleksandar Jankovi?
I am trying to make an AJAX call from several domains to a single one which will handle the request. Enabling Cross domain in Firefox and Chrome was easy by setting the header on the handling server:
我正在尝试从多个域向一个将处理请求的域进行 AJAX 调用。通过在处理服务器上设置标头,在 Firefox 和 Chrome 中启用跨域很容易:
header("Access-Control-Allow-Origin: *");
But this doesn't help enabling it in Internet Explorer. When I try:
但这无助于在 Internet Explorer 中启用它。当我尝试:
httpreq.send('');
it stops with error Access denied.
它因错误访问被拒绝而停止。
How can this be enabled in Internet Explorer?
如何在 Internet Explorer 中启用此功能?
采纳答案by Dan
I don't believe you can do that directly in Internet Explorer. You have a couple of options:
我不相信你可以直接在 Internet Explorer 中做到这一点。你有几个选择:
Set up a proxy forwarding script on the server you do control that can forward the Ajax requests. Make sure that it only forwards to the appropriate destinations that you need so that you don't get turned into an anonymous relay.
Use the
document.domaintrick. Basically you need to create a set ofiframes, one for each server you need to make Ajax calls to. Within eachiframeset thedocument.domainproperty to exactly match the domain you need to send the Ajax requests to. As to how to populate the necessary data, use DOM manipulation prior to settingdocument.domain. Note that this trick requires the target servers to be in sub-domains of the original. More in this article, with examples.
回答by John Bonfardeci
Much has changed since I first posted my solution for CORS in IE7 and above. First of all the jQuery property $.support.cors is true by default, .NET frameworks 4.0 and above no longer support CORS as implemented in versions 3.5.1 and lower. When writing a web service with ASP.NET 4.0 I had install the Thinktecture.IdentityModel which is available as a NuGet package. Then, in the Application_Start method of the Global.asax file, add:
自从我第一次在 IE7 及更高版本中发布我的 CORS 解决方案以来,已经发生了很大变化。首先,默认情况下 jQuery 属性 $.support.cors 为 true,.NET 框架 4.0 及更高版本不再支持在 3.5.1 及更低版本中实现的 CORS。在使用 ASP.NET 4.0 编写 Web 服务时,我安装了可作为 NuGet 包使用的 Thinktecture.IdentityModel。然后,在 Global.asax 文件的 Application_Start 方法中,添加:
void Application_Start(object sender, EventArgs e)
{
Thinktecture.IdentityModel.Http.Cors.IIS.UrlBasedCorsConfiguration.Configuration
.ForResources("*")
.ForOrigins("http://localhost:80, http://mydomain")
.AllowAll()
.AllowMethods("GET", "POST");
}
Now add the httpProtocol element within system.webServer:
现在在 system.webServer 中添加 httpProtocol 元素:
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Headers" value="Content-Type, Accept, X-Requested-With, X-File-Name" />
<add name="Access-Control-Allow-Methods" value="GET, POST" />
</customHeaders>
</httpProtocol>
My $.ajax call is now:
我的 $.ajax 调用现在是:
$.ajax({
url: serviceUrl,
data: JSON.stringify(postData),
type: "POST",
cache: false,
contentType: "application/json; charset=utf-8",
dataType: "json",
success: onSuccess,
error: onError
});
回答by vanduc1102
Did you try do enable Access Data Source Cross Domains
您是否尝试启用跨域访问数据源
回答by pellucid
I got IE8 and 9 working with just jQuery $.ajax (jQuery version 1.7.2)
我让 IE8 和 9 只使用 jQuery $.ajax(jQuery 版本 1.7.2)
jQuery.support.cors = true;
jQuery(function() {
$.ajax({
crossDomain : true,
dataType: 'html',
//...
});
});
回答by Eric
For Internet Explorer 8, you need to do like for FF3, ie use the "Access-Control-Allow-Origin" header plus use XDomainRequest object instead of XMLHttpRequest. Everything is explaiend in detail here for IE8: http://msdn.microsoft.com/en-us/library/dd573303%28VS.85%29.aspx
对于 Internet Explorer 8,您需要像 FF3 一样,即使用“Access-Control-Allow-Origin”标头加上使用 XDomainRequest 对象而不是 XMLHttpRequest。IE8 的所有内容都在这里详细说明:http: //msdn.microsoft.com/en-us/library/dd573303%28VS.85%29.aspx
Older flavours of IE don't support Cross Site Access Control nor XDomainRequest objects. However it's not over, you could resort to the IFrame trick for instance, ie creating an invisible IFrame that calls your functions as described here: http://softwareas.com/cross-domain-communication-with-iframes
旧版本的 IE 不支持跨站点访问控制或 XDomainRequest 对象。但是它还没有结束,例如,您可以使用 IFrame 技巧,即创建一个不可见的 IFrame 来调用您的函数,如下所述:http: //softwareas.com/cross-domain-communication-with-iframes
回答by Furqan Hameedi
Just adding to the Eric's answer , for Older version of IE , you can use Jquery 1.4.2's $.ajax method , that by default allows the cross domain requests, or for cross domain JSON , you can use
只是添加到 Eric 的答案,对于旧版本的 IE,您可以使用 Jquery 1.4.2 的 $.ajax 方法,默认情况下允许跨域请求,或者对于跨域 JSON,您可以使用
jQuery.getJSON( String url, Map data, Function callback ) returns XMLHttpRequest
jQuery.getJSON(String url, Map data, Function callback) 返回 XMLHttpRequest
An Excerpt from Jquery docs.
来自 Jquery 文档的摘录。
"jQuery now supports JSONP natively - if you attempt to load JSON (via $.getJSON or $.ajax) from a remote URL then an extra callback will be provided for the server to interpret."
“jQuery 现在原生支持 JSONP - 如果您尝试从远程 URL 加载 JSON(通过 $.getJSON 或 $.ajax),那么将为服务器提供一个额外的回调来解释。”
