从 jQuery 访问 Web 服务 - 跨域
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/2697557/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Accessing web Service from jQuery - cross domain
提问by ChrisCa
I am trying to acess a wcf service from a jQuery client
我正在尝试从 jQuery 客户端访问 wcf 服务
Specifically this example http://www.codeproject.com/KB/aspnet/WCF_JQUERY_ASMX.aspx#4
特别是这个例子 http://www.codeproject.com/KB/aspnet/WCF_JQUERY_ASMX.aspx#4
All works well when the client webpage is on the same domain as the service
当客户端网页与服务位于同一域时,一切正常
As soon as I move the client webpage to another domain it breaks. It cant reach the service and the request fails
一旦我将客户端网页移动到另一个域,它就会中断。无法访问服务,请求失败
This happens for all the examples, ASMX, REST and WCF
所有示例都会发生这种情况,ASMX、REST 和 WCF
any ideas how to get this working cross daomain?
任何想法如何让这个工作跨 daomain ?
采纳答案by GlenCrawford
You are running up against the Same-Origin Policy. The web service that you are accessing must reside on the same domain as the jQuery script that is making the request. This policy is enforced by all browsers to prevent - for example - cross-site scripting and code injection attacks on web applications.
您遇到了同源策略。您正在访问的 Web 服务必须与发出请求的 jQuery 脚本位于同一个域中。此策略由所有浏览器强制执行,以防止(例如)对 Web 应用程序的跨站点脚本和代码注入攻击。
There are various ways around it, including JSONP, Proxies or Flash.
有多种解决方法,包括 JSONP、代理或 Flash。
We'll need a little more information before we can suggest which technique you should use. I tend to favor JSONP. But in the meantime, here's some light reading:
在我们建议您应该使用哪种技术之前,我们需要更多信息。我倾向于支持JSONP。但与此同时,这里有一些轻松的阅读:
http://taossa.com/index.php/2007/02/08/same-origin-policy/
http://taossa.com/index.php/2007/02/08/same-origin-policy/
https://developer.mozilla.org/En/Same_origin_policy_for_JavaScript
https://developer.mozilla.org/En/Same_origin_policy_for_JavaScript
Here's an example use of JSONP:
下面是一个 JSONP 的使用示例:
url = "http://www.test.com/getData.php?callback=parseResults";
document.body.appendChild((function() {
var newScript = document.createElement("script");
newScript.type = "text/javascript";
newScript.src = url;
return newScript;
})());
function parseResults(data) {
alert(data);
}
回答by Andy E
You might want to check out JSONP (JSON with Padding). In short, it involves adding a script element to the page with the web service url as the src. The web service then wraps the JSON as the first argument in a callback function, which is executed when the script is parsed.
您可能想查看JSONP (JSON with Padding)。简而言之,它涉及向页面添加一个脚本元素,并将 Web 服务 url 作为 src。然后,Web 服务将 JSON 包装为回调函数中的第一个参数,该函数在解析脚本时执行。
Script elements are exempt from the Same Origin Policy, which is how they are able to get around this issue..
脚本元素不受同源策略的约束,这就是它们能够解决这个问题的方式。
回答by Matt Gibson
Typically, you won't be able to; modern browsers restrict this to prevent cross-site scripting attacks. One way around it may be to use "padded" JSON, JSONP, which inserts the results in a script element on your page. There's a Microsoft WCF sample herewhich seems to do that.
通常,您将无法;现代浏览器对此进行了限制以防止跨站点脚本攻击。一种解决方法可能是使用“填充”JSON,即 JSONP,它将结果插入到页面上的脚本元素中。这里有一个Microsoft WCF 示例似乎可以做到这一点。
回答by R Francky
I faced the same problem during 2 days and I found the solution, and it's elegant after googling a lot. I needed xss Ajax for some widget clients which pull datastream from tiers websites to my Rails app. here's how I did.
我在 2 天内遇到了同样的问题,我找到了解决方案,并且在谷歌搜索了很多之后它很优雅。对于一些小部件客户端,我需要 xss Ajax,这些客户端将数据流从层级网站拉到我的 Rails 应用程序。 这就是我所做的。
