堆栈内存溢出
  简体   繁体   English

如何使用ASP.NET和Ajax绕过CORS策略?

[英]How can i bypass CORS Policy with ASP.NET and Ajax?

 原文  2015-06-03 00:58:35       c#/ jquery/ asp.net/ ajax/ xml

问题描述

I want to bypass CORS Policy to GET data XML from another domain. 我想绕过CORS政策从另一个域获取数据XML I try so much but have no luck. 我尝试了很多,但是没有运气。 There are: 有:

  • JSONP : By this way, i don't know how to use it. JSONP :通过这种方式,我不知道如何使用它。 Because XML Construction is difference from JSONP Construction. 因为XML构造不同于JSONP构造。 If yes, please help me how to use JSONP to get data XML from another domain. 如果是,请帮助我如何使用JSONP从另一个域获取数据XML。
  • Proxy : Cause of my project is ASP.NET Framework 4.0. 代理 :我项目的原因是ASP.NET Framework 4.0。 So, i create a proxy page and use it to get XML. 因此,我创建了一个代理页面并使用它来获取XML。 Example: http://localhost:4030/proxy.aspx?u=http://onotherdomain.com/data.xml . 示例: http:// localhost:4030 / proxy.aspx?u = http://onotherdomain.com/data.xml But i can't get data with a basic protected site. 但是我无法通过基本的受保护站点获取数据。 It's allways return 401 unauthorized. 总是返回未经授权的401。

For you, JSONP is faster or Proxy is Faster ? 对您来说,JSONP更快还是Proxy更快?

Thanks for watching ? 谢谢收看

1 个解决方案

解决方案1
 1  2015-06-03 01:15:53

If the other domain does not explicitly trust you, you cannot invoke it from the client via AJAX for security reasons unless you use JSONP. 如果其他域未明确信任您,则出于安全原因,您不能通过AJAX从客户端调用它,除非您使用JSONP。

However, you can only use JSONP as long as you are sticking to only GET requests and the server knows how to respond with a JSONP-formatted response. 但是,只要您仅坚持GET请求,并且服务器知道如何使用JSONP格式的响应进行响应,就只能使用JSONP。

On the other hand, if they DO explicitly trust you, you have a few options. 另一方面,如果他们确实明确信任您,则您有几种选择。

  • CORS support on the server as long as you are using modern browsers (IE9 still has issues with this) with the appropriate headers. 只要您使用带有适当标题的现代浏览器(IE9仍然对此存在问题),服务器上的CORS支持就可以了。
  • XDomain , which is essentially a javascript proxy shim. XDomain ,本质上是一个JavaScript代理填充程序。 However, this also requires explicit request domain inclusion. 但是,这也需要明确包含请求域。

On the other hand, if you create a proxy server-side on your end that can call across to the other domain, you'll have no issues whatsoever. 另一方面,如果您在端部创建了可以调用另一个域的代理服务器端,则不会有任何问题。

A server-side proxy should in theory always be slower than ajax options since you are making two calls instead of one. 理论上,服务器端代理应该总是比ajax选项要慢,因为您要进行两次调用而不是一次调用。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 带有身份的 ASP.NET 中的 CORS 策略 - CORS Policy in ASP.NET with identity ASP.NET 内核 Cors 策略 - ASP.NET core Cors policy 在asp.net向导中单击下一步时,如何绕过页面上的验证? - How can i bypass validation on page when clicking next in a asp.net Wizard? 为什么此CORS政策无法使用ASP.NET Core - Why is this CORS policy not working ASP.NET Core 在 ASP.NET Core 3.1 中处理多环境的 CORS 策略 - Handling CORS policy for multiple environment in ASP.NET Core 3.1 如何绕过 ASP.NET 中按钮的验证? - How to bypass validation for a button in ASP.NET? 如何在 ASP.net Core WebAPI 中使用默认和自己的策略启用 CORS - How to enable CORS in ASP.net Core WebAPI with deafult and own policy 如何向 ASP.NET CORE 授权策略添加 OR 子句? - How can I add an OR clause to a ASP.NET CORE Authorization Policy? 如何在 ASP.NET Core 中启用 CORS - How to enable CORS in ASP.NET Core 在 ASP.NET Core 中不需要时如何绕过身份验证中间件 - How to bypass authentication middleware when not needed in ASP.NET Core
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM