javascript 哪些浏览器允许使用 Access-Control-Allow-Origin 进行跨域 ajax 调用:*?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/4403865/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Which browsers allow cross domain ajax calls with Access-Control-Allow-Origin: *?
提问by Chad DeShon
Which browsers allow cross domain ajax calls with Access-Control-Allow-Origin: *? I am setting a REST service and trying to decide if I need to support JSONP to allow cross domain javascript access or if it is good enough to set the Access-Control-Allow-Origin header.
哪些浏览器允许跨域 ajax 调用Access-Control-Allow-Origin: *?我正在设置 REST 服务并试图决定是否需要支持 JSONP 以允许跨域 javascript 访问,或者是否足以设置 Access-Control-Allow-Origin 标头。
回答by T.J. Crowder
Here's one referencesuggesting that support in modern browsers is reasonable (but see the note at the end of this answer), assuming client-side code handles the IE issue on purpose. (IE8 and IE9 support CORS, but not via XMLHttpRequest —you have to use XDomainRequestinstead, and it's worth noting that neither jQuerynor Prototypedoes that for you in their ajax wrappers — I don't know about other libraries. IE10 finallygets it right.) That page says, in essence, that CORSis supported in the desktop versions of:
这里有一个参考资料表明现代浏览器的支持是合理的(但请参阅本答案末尾的注释),假设客户端代码有意处理 IE 问题。(IE8 和 IE9 支持 CORS,但不支持通过XMLHttpRequest ——你必须XDomainRequest改用,值得注意的是,jQuery和Prototype都没有在他们的 ajax 包装器中为你做到这一点——我不知道其他库。IE10终于做到了。 ) 该页面实质上表示,以下桌面版本支持CORS:
- IE8+ (via
XDomainRequest), IE10+ (properly) - Firefox 3.6+
- Safari 4.0+
- Chrome 6+
- Opera 12.1+
- IE8+(通过
XDomainRequest),IE10+(正确) - 火狐 3.6+
- Safari 4.0+
- 铬 6+
- 歌剧 12.1+
...as well as
...也
- iOS Safari 3.2+
- Android browser 2.1+
- iOS Safari 3.2+
- 安卓浏览器 2.1+
You have to ask yourself what your target market is and whether they're likely to still be using older versions of IE, because it matters quite a lotwho you're targeting. But overall, you still (for the moment) probably want to look at a JSONP interface — even in the U.S. mostly-home market, IE6+IE7 = about 20% of the users. I don't know many sites that can just ignore a fifth of the market. :-) And if you look at corporate users, or users in Asia or Africa or Central America, that number goes up markedly.The foregoing was true in 2010. Here in 2013, China is really the only holdout using IE6 (>24% there). Worldwide, IE6 and IE7 users have moved on to IE8 and IE9, and even big corporate and government users have finally "got it" about the security risks. IE8 will be with us for a while (as that's has high as IE goes on Windows XP), but you can bet the nearly 20% using IE9 will be on IE10 soon.
您必须问问自己您的目标市场是什么,以及他们是否可能仍在使用旧版本的 IE,因为您的目标人群非常重要。但总体而言,您(目前)可能仍然希望查看 JSONP 接口——即使在美国主要是家庭市场,IE6+IE7 = 大约 20% 的用户。我不知道有多少网站可以忽略五分之一的市场。:-) 如果你看看企业用户,或者亚洲、非洲或中美洲的用户,这个数字会显着增加。上述情况在 2010 年是正确的。在 2013 年, CN 确实是唯一坚持使用 IE6 的国家(> 24%)。在全球范围内,IE6 和 IE7 用户已转向 IE8 和 IE9,甚至大型企业和政府用户也终于“了解”了安全风险。IE8 将伴随我们一段时间(因为随着 IE 在 Windows XP 上运行,它已经很高),但您可以打赌,使用 IE9 的近 20% 将很快在 IE10 上运行。
回答by Alfred
I had some problems when using Access-Control-Allow-Origin: *. I believe it had something to do with cookies and preflight request(POST). So it is better to specify from which domain you are going to make these calls.
我在使用 Access-Control-Allow-Origin 时遇到了一些问题:*。我相信这与 cookie 和预检请求(POST)有关。因此,最好指定要从哪个域进行这些调用。
