jQuery 邮递员如何发送请求?ajax,同源策略
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/16021442/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
how Postman send requests? ajax, same origin policy
提问by Joey Hipolito
I have found this very useful Chrome extension called Postman. This is a very useful extension especially when you are into programming RESTful applications.
我发现这个名为 Postman 的非常有用的 Chrome 扩展程序。这是一个非常有用的扩展,尤其是在您编写 RESTful 应用程序时。
One thing I am confused on is that how this plugin/extension able to send POST request successfully on different domains?
我感到困惑的一件事是这个插件/扩展如何能够在不同的域上成功发送 POST 请求?
I tried voting in a poll using Postman like this.
我尝试像这样使用 Postman 在民意调查中投票。
After submitting that, the vote was actually counted in, but when I tried doing that using AJAX and JavaScript, it fails, because of different origin policy of browsers.
提交后,投票实际上被计入了,但是当我尝试使用 AJAX 和 JavaScript 这样做时,它失败了,因为浏览器的来源策略不同。
How is that even possible?
这怎么可能呢?
Here is my code using jQuery. I used that in my computer though, localhost.
这是我使用 jQuery 的代码。我在我的电脑中使用了它,localhost。
init: function() {
$.ajax({
url: 'http://example.com/vote.php',
type:'POST',
dataType: 'html',
data: {
id: '1'
},
success: function(data) {
if ( data == 'voted' ) {
$('.set-result').html( 'you already voted. try again after 24 hours' );
} else {
$('.set-result').html( 'successfully voted' );
}
}
});
},
采纳答案by Mohsen
Chrome packaged apps can have cross domain permissions. When you install Postman it promts you that this app will access any domain.
Chrome 打包的应用程序可以具有跨域权限。当您安装 Postman 时,它会提示您此应用程序将访问任何域。
By placing */*in permissionssection of your manifest file, you can do this.
通过放置*/*在permissions清单文件的部分,您可以做到这一点。
Read more here: https://developer.chrome.com/extensions/xhr.html
在此处阅读更多信息:https: //developer.chrome.com/extensions/xhr.html
回答by chebaby
回答by Iain Collins
Sounds like the site that hosts the poll (the "vote.php" script) needs to have an "Access-Control-Allow-Origin" header set to allow posting from a list of sites (or all sites).
听起来像托管民意调查的站点(“vote.php”脚本)需要设置一个“Access-Control-Allow-Origin”标头以允许从站点列表(或所有站点)发布。
A value of * for the header will allow posting from any website:
标头的 * 值将允许从任何网站发布:
Access-Control-Allow-Origin: *
i.e. You could put the following at the top of vote.php
即您可以将以下内容放在vote.php的顶部
header('Access-Control-Allow-Origin: *');
Chrome extensions and apps are not subject to the same security limitations placed on normal webpages.
Chrome 扩展程序和应用程序不受普通网页上相同的安全限制。
Additional debugging tips:
其他调试提示:
If you're trying to access remote services from web pages you have open on your local file system in your browser, you might find your browser applies different security rules to them than it does to files served from a web service.
如果您尝试从浏览器中在本地文件系统上打开的网页访问远程服务,您可能会发现浏览器对它们应用的安全规则与对 Web 服务提供的文件应用的安全规则不同。
e.g. If you open local files from a locational like C:\MyDocuments\weboot\index.htm(Windows) or \Users\joe\Sites\index.html(Mac) in your browser your AJAX request might not work, even with the header specified in most browsers.
例如,如果您在浏览器中从C:\MyDocuments\weboot\index.htm(Windows) 或\Users\joe\Sites\index.html(Mac)等位置打开本地文件,您的 AJAX 请求可能无法工作,即使在大多数浏览器中指定了标头。
Apple's Safari applies almost no cross domain restrictions to files opened locally but Firefox is much more strict about what it permits, with Chrome somewhere in the middle. Running a web server locally (e.g. on http://localhost/) is a good idea to avoid unexpected behaviour.
Apple 的 Safari 对本地打开的文件几乎没有跨域限制,但 Firefox 对其允许的内容要严格得多,Chrome 处于中间位置。在本地运行 Web 服务器(例如 on http://localhost/)是避免意外行为的好主意。
Additionally, other libraries that provide functions to handle Ajax requests (such as AngularJS) may require other headers to be set on the server by default. You can usually see the reason for failure in a browser debug console.
此外,其他提供处理 Ajax 请求功能的库(例如 AngularJS)可能需要在服务器上默认设置其他标头。您通常可以在浏览器调试控制台中看到失败的原因。
