javascript crossdomain.xml 配置
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/13394368/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
crossdomain.xml configuration
提问by user1702964
I have to call to a web service from javascript using ajax:
我必须使用 ajax 从 javascript 调用 Web 服务:
$.ajax({
type: "GET",
url: "http://[REMOTE-SERVER-IP]:8080/api/service",
contentType: "application/jsonp",
crossDomain: true,
success: successFunc,
error: errorFunc
});
I read that to grant access to the method, a "crossdomain.xml" must be created in the server http://[REMOTE-SERVER-IP]:8080/crossdomain.xml:
我读到要授予对该方法的访问权限,必须在服务器 http://[REMOTE-SERVER-IP]:8080/crossdomain.xml 中创建“crossdomain.xml”:
<cross-domain-policy>
<allow-access-from domain="[SERVICE-CALLER-IP]"/>
</cross-domain-policy>
But after doing that, when I try to call to the method, I'm getting this error from the javascript debugger:
但是这样做之后,当我尝试调用该方法时,我从 javascript 调试器收到此错误:
XMLHttpRequest cannot load http://[REMOTE-SERVER-IP]:8080/[URL]. Origin http://localhost:8080 is not allowed by Access-Control-Allow-Origin
What am I doing bad?
我在做什么坏事?
Thank you very much!!!
非常感谢你!!!
回答by Tolga Akyüz
You can prefer two options here and both assumes that you can access the server.
您可以在这里选择两个选项,并且都假定您可以访问服务器。
The first option is to add
callback=?parameter to request url, and modify the server response. Server should add the callback function to the response in the following formatcallback_function_coming_from_url([your_server_response])
The second option is to add
Access-Control-Allow-Origin: *header to your server response. Or you can specify the address likeAccess-Control-Allow-Origin: [your_client_address]
第一个选项是在
callback=?请求 url 中添加参数,并修改服务器响应。服务器应按以下格式将回调函数添加到响应中callback_function_coming_from_url([your_server_response])
第二个选项是向
Access-Control-Allow-Origin: *服务器响应添加标头。或者您可以指定地址,例如Access-Control-Allow-Origin: [your_client_address]
I prefer to option 2 since it is the convenient way to accomplish your task, and also, you can control your server response, much more secure than the option 1.
我更喜欢选项 2,因为它是完成任务的便捷方式,而且您可以控制服务器响应,比选项 1 安全得多。
You can get additional info from CORS
您可以从CORS获取更多信息
