堆栈内存溢出
  简体   繁体   English

我怎样才能绕过相同的原产地政策?

[英]How can i get around the same origin policy?

 原文  2009-11-27 19:30:00       javascript/ ajax

问题描述

I need to use AJAX to get the content of another page located on a different server from the one the AJAX is loaded from.我需要使用 AJAX 来获取位于与加载 AJAX 的服务器不同的服务器上的另一个页面的内容。 The AJAX needs to send a POST request then return the result. AJAX 需要发送一个 POST 请求然后返回结果。 how can i do this?我怎样才能做到这一点?

4 个解决方案

解决方案1
 3  2009-11-27 19:36:23

Set up proxy on your own server.在您自己的服务器上设置代理。 Have your server call theirs and return the result.让您的服务器调用他们的服务器并返回结果。

解决方案2
 2 已采纳  2009-11-27 19:38:59

if you control both servers, you can use one of the HTTP header fields for cross-origin resource sharing :如果您控制两台服务器,则可以使用 HTTP 标头字段之一进行跨域资源共享

http://www.petefreitag.com/item/703.cfm http://www.petefreitag.com/item/703.cfm

https://developer.mozilla.org/En/HTTP_access_control https://developer.mozilla.org/En/HTTP_access_control

解决方案3
 1  2009-11-27 19:38:21

There is no way to go around that policy.没有办法绕过该政策。 This policy is there for very good reasons.这项政策有很好的理由。 That is also no problem as long as you're in control over the web application.只要您能够控制 Web 应用程序,这也没有问题。 You could simply redirect the call to the other server from your webserver and pass the result.您可以简单地将呼叫从您的网络服务器重定向到另一台服务器并传递结果。 This would work out like a proxy.这将像代理一样工作。

解决方案4
 0  2009-11-27 19:57:24

If you want to do that on the client and cross browser, you need some cooperation from the other server.如果您想在客户端和跨浏览器上执行此操作,则需要其他服务器的一些配合。

Either by:或者通过:

1) using JSONP (inject a script tag with a callback function) 1)使用JSONP(注入带有回调函数的脚本标签)
Only GET calls are possible though.不过,只有 GET 调用是可能的。
Security is an issue as the script has access to all resources in that page(data, cookies, ...).安全性是一个问题,因为脚本可以访问该页面中的所有资源(数据、cookie、...)。
Here's a post that explain how to sandbox them and keep the data in your page safe.这是一篇文章,解释了如何对它们进行沙箱处理并确保页面中的数据安全。

2) POST looks possible using Kris Zip's window.name technique 2) POST 看起来可能使用 Kris Zip 的window.name 技术

If the cooperation from the other server is impossible, the server proxy as described in other answers is, to my knowledge, the only option left.如果无法与其他服务器合作,据我所知,其他答案中描述的服务器代理是唯一的选择。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 这种“ ajax上传器”方法如何绕过相同的原始策略? - How does this method of “ajax uploader” get around the same origin policy? 如何使用同源政策为Google AppEngine网站开发AJAX客户端代码? - How can I work around the same-origin policy to develop AJAX client code for a Google AppEngine site? 解决同一个原产地政策 - Working around same origin policy 如何查看是否应用了同源策略? - How can I see if the same-origin-policy was applied? 关于相同的原产地政策......我可以这样做吗? - About same origin policy…Can I do this? 要解决“同源政策”吗? - Working around the Same-Origin Policy? RESTful API解决原始政策 - RESTful API to get around origin policy 绕过同源政策,从跨域iframe中获取网页的顶级网址 - Get around same-origin policy to get top URL of a page from inside a cross-domain iframe 为了避开ajax的“相同来源策略”,PHP ajax请求转发器的代码是什么? - To get around the ajax 'same origin policy', code for a PHP ajax request forwarder? 如何让 Ajax 使用 Bookmarklet 并绕过 Javascript 同源策略? - How do I get Ajax working with a Bookmarklet and bypass the Javascript Same Origin Policy?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM