跨域解决方法以加载外部页面
[英]Cross-domain workaround to load an external page
问题描述
Here's the jQuery documentation: 
这是jQuery文档:
http://api.jquery.com/load/ http://api.jquery.com/load/
As mentioned there as an additional note: 如前所述,作为附加说明:
Due to browser security restrictions, most "Ajax" requests are subject to the same origin policy;
Is there any way to bypass this limitation? 有什么办法可以绕过此限制?
2 个解决方案
解决方案1
0 2013-11-12 06:12:15
One way is to create a proxy page that requests the external page on the server. 一种方法是创建一个代理页面,该页面请求服务器上的外部页面。 The implementation is dependent on the technology being used, but the idea is that you can then make an ajax call to your proxy page instead which will be on the same domain as the calling page. 实现取决于所使用的技术,但是其想法是,您可以随后对代理页面进行ajax调用,而该代理页面将与调用页面位于同一域中。
解决方案2
0 2013-11-12 06:19:01
Yes, there are several ways to get around this. 是的,有几种方法可以解决此问题。 But I would strongly suggest CORS (Cross-Domain Resource Sharing). 但我强烈建议使用CORS (跨域资源共享)。 CORS is the emerging standard for addressing cross-domain Ajax. CORS是解决跨域Ajax的新兴标准。 This is replacing approaches such as JSONP (which has known security issues). 这正在替代JSONP之类的方法(存在已知的安全问题)。
Unfortunately, CORS is not supported by older IE versions (6-9), but there are established polyfills for browsers which do not natively implement CORS. 不幸的是,较旧的IE版本(6-9)不支持CORS,但是已经为本地未实现CORS的浏览器建立了polyfill。 easyXDM is one such polyfill. easyXDM就是这样一种polyfill 。
At a basic level, below is a sample request (from the MDN link above), where the browser generates a request with the Origin header, indicating the domain of the request, which is validated by the endpoint: 在基本级别上,下面是一个示例请求(来自上面的MDN链接),浏览器在其中生成带有Origin头的请求,该请求指示请求的域,并由端点验证:
GET /resources/access-control-with-credentials/ HTTP/1.1
Host: bar.other
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1b3pre) Gecko/20081130 Minefield/3.1b3pre
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Connection: keep-alive
Referer: http://foo.example/examples/credential.html
Origin: http://foo.example
Cookie: pageAccess=2
An Ajax endpoint supporting CORS may respond with the appropriate headers, which the browser validates. 支持CORS的Ajax端点可能会使用适当的标头进行响应,浏览器会验证这些标头。 See Access-Control-Allow-Origin and Access-Control-Allow-Credentials in this example: 在此示例中,请参阅Access-Control-Allow-Origin和Access-Control-Allow-Credentials:
HTTP/1.1 200 OK
Date: Mon, 01 Dec 2008 01:34:52 GMT
Server: Apache/2.0.61 (Unix) PHP/4.4.7 mod_ssl/2.0.61 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2 SVN/1.4.2
X-Powered-By: PHP/5.2.6
Access-Control-Allow-Origin: http://foo.example
Access-Control-Allow-Credentials: true
Cache-Control: no-cache
Pragma: no-cache
Set-Cookie: pageAccess=3; expires=Wed, 31-Dec-2008 01:34:53 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 106
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: text/plain
The browser may also send a pre-flight (using the OPTIONS verb) which can indicate to the server what headers or verbs the Ajax call will use. 浏览器还可以发送预检(使用OPTIONS动词),该预检可以向服务器指示Ajax调用将使用哪些标题或动词。 The pre-flight is actually a separate call from the primary Ajax call, but is only invoked under certain conditions. 飞行前实际上是与主要Ajax调用分开的调用,但是仅在某些条件下才调用。
Many web servers (IIS, Apache) support CORS through modules. 许多Web服务器(IIS,Apache)通过模块支持CORS。 The servers will require configuration to white-list origins, allowed verbs, headers, etc. Wildcarding can also be used but is not recommended. 服务器将需要配置为将起源,允许的动词,标题等列入白名单。也可以使用通配符,但不建议使用通配符。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.