简体繁体 English

跨站点ajax调用WCF服务

[英]Cross-site ajax call to a WCF Service

原文 2009-02-17 05:17:42 8 4 javascript/ wcf/ json/ cross-site

Is it possible to do a cross-site call, in Javascript, to a WCF service? 是否可以在Javascript中对WCF服务进行跨站点调用？

I don't mind if it's a POST or a GET. 我不介意它是POST还是GET。

But I've heard that these days, browsers don't allow cross-site calls with either POST or GET. 但我听说这些天浏览器不允许使用POST或GET进行跨站点调用。

How can I circumvent this and still call a WCF Service ? 我怎样才能绕过这个并仍然调用WCF服务 ？

4 个解决方案

There's not a whole lot you can do to circumvent the browser's cross-site scripting blockers. 你无法绕过浏览器的跨网站脚本拦截器。 Those blockers stop XMLHTTPRequest's from happening to any domain but the one that loaded the containing script or page. 这些阻止程序阻止XMLHTTPRequest发生到任何域，但加载包含脚本或页面的域。

That said, there is one commonly used workaround: Use JavaScript to write a new entry into the DOM that references a src that is a cross-site URL. 也就是说，有一个常用的解决方法：使用JavaScript在DOM中编写一个新条目，引用一个跨站点URL的src。 You'll pass all your RPC method arguments to this "script" which will return some JavaScript that will be executed, telling you success or failure. 您将所有RPC方法参数传递给此“脚本”，该脚本将返回将要执行的一些JavaScript，告诉您成功或失败。

There's no way to do a POST in this manner, the src URL must be a GET, so you can pass arguments that way. 没有办法以这种方式执行POST，src URL必须是GET，因此您可以通过这种方式传递参数。 I'm not sure if WCF has a "GET only" method of access. 我不确定WCF是否有“仅限GET”访问方法。 And, since the browser will expect the result of the remote tag to be a valid JavaScript object, you'll have to make sure that your WCF service obeys that as well, otherwise you'll get JavaScript errors. 并且，由于浏览器希望远程标记的结果是有效的JavaScript对象，因此您必须确保您的WCF服务也遵守该标准，否则您将收到JavaScript错误。

Another common method of circumventing cross-site scripting is to write a proxy for your requests. 绕过跨站点脚本的另一种常用方法是为您的请求编写代理。 In other words, if you want to access domain test.com from scripts hosted on example.com, then make some URL on example.com that proxies the request over to test.com in the proper way. 换句话说，如果要从example.com上托管的脚本访问域test.com，请在example.com上创建一些URL，以适当的方式将请求代理到test.com。

For your example, the proxying is likely the right answer, assuming that WCF doesn't have it's own cross-site scripting restrictions. 对于您的示例，假设WCF没有自己的跨站点脚本限制，代理可能是正确的答案。

Are you using jQuery by any chance? 你有机会使用jQuery吗？ jQuery supports Cross-Domain JSON requests using "JSONP". jQuery使用“JSONP”支持跨域JSON请求。 You will be limited to GET requests, but I've tried it out and it works well! 您将受限于GET请求，但我已经尝试过它并且运行良好！ It's also very simple to get working. 上班也很简单。

See the "Cross-Domain getJSON (using JSONP) " section on this page for details: http://docs.jquery.com/Release:jQuery_1.2/Ajax 有关详细信息，请参阅此页面上的“跨域getJSON（使用JSONP）”部分： http ： //docs.jquery.com/Release ： jQuery_1.2 / Ajax

And here's some background on JSONP: http://bob.pythonmac.org/archives/2005/12/05/remote-json-jsonp/ 以下是JSONP的一些背景知识： http ： //bob.pythonmac.org/archives/2005/12/05/remote-json-jsonp/

Let me know how it goes! 让我知道事情的后续！

New W3C recommendations are being standardised to allow cross-site requests between trusted parties via the Access Control for Cross-Site Requests specification. 新的W3C建议正在标准化，以允许可信方之间通过跨站请求访问控制规范进行跨站点请求。

This requires a server serving suitable Access Control HTTP headers and a browser capable of understanding and acting upon such headers. 这需要服务器提供合适的访问控制HTTP标头和能够理解并对这些标头采取行动的浏览器。

In short, if a remote host says it likes your domain, and a browser understands what this means, you can perform xmlHttpRequests against that host regardless of the same origin policy. 简而言之，如果远程主机表示它喜欢您的域，并且浏览器了解这意味着什么，则无论相同的源策略如何，您都可以对该主机执行xmlHttpRequests。

Currently very few browsers support this functionality. 目前很少有浏览器支持此功能。 IE8 apparently does (I haven't tested it) and Firefox 3.1 does (I have tested this extensively). IE8显然（我还没有测试过）和Firefox 3.1（我已经对它进行了广泛的测试）。 I expect other browsers to follow suit quite quickly. 我希望其他浏览器能够很快跟进。

You shouldn't expect sufficient adoption of compatible browsers until 2012 at the earliest. 您最好在2012年之前预计会充分采用兼容的浏览器。

That's the ultimate solution to the problem. 这是问题的最终解决方案。 The downside is waiting a few years before it can be used in mainstream applications. 缺点是等待几年才能在主流应用中使用。

If this is for use within an environment you fully control, such as for an intranet where you can determine which browser is used and where you can configure multiple servers to issue the correct headers, it works perfectly. 如果这是在您完全控制的环境中使用，例如对于可以确定使用哪个浏览器的Intranet以及可以配置多个服务器以发出正确标头的位置，它可以完美地运行。

To expand on Ben's answer... I extended our WCF service to support JSONP calls from jQuery using code similar to this example from Microsoft: 为了扩展Ben的答案......我扩展了我们的WCF服务以使用类似于Microsoft的示例的代码来支持来自jQuery的JSONP调用：

http://msdn.microsoft.com/en-us/library/cc716898.aspx http://msdn.microsoft.com/en-us/library/cc716898.aspx