[英]Knowing the status of a form POST that is protected by X-Frame-Options
I am going to describe my specific case below, but this might be useful to a number of web-mashups. 我将在下面描述我的具体情况,但这可能对许多Web混搭有用。
My web application POSTs to Twitter by filling a form and then submitting it (via javascript). 我的Web应用程序通过填写表单然后提交(通过javascript)将信息发布到Twitter。 The
target
of the form is set to an iframe
which has an onload
trigger. 表单的
target
设置为具有onload
触发器的iframe
。 When the onload
trigger is called the application knows that the POST was completed. 当
onload
触发器时,应用程序知道POST已完成。
This used to work fine until Chrome version 11, which now respects the X-Frame-Options=SAMEORIGIN
sent by Twitter in the POST response. 在Chrome版本11之前,该方法一直可以正常工作,直到Chrome版本11现在尊重Twitter在POST响应中发送的
X-Frame-Options=SAMEORIGIN
。 The POST goes through, but the iframe's onload
is not called anymore. POST可以通过,但不再调用
iframe's onload
。
It still works in Firefox 4, but I suppose that's a bug that will eventually get fixed. 它仍然可以在Firefox 4中使用,但是我想这是一个错误,最终将得到修复。
Is there any other way to know the status of the POST? 还有其他方法可以知道POST的状态吗? I understand that knowing the contents of the POST response would violate the security policy, but I am not interested in the contents.
我了解知道POST响应的内容将违反安全策略,但是我对内容不感兴趣。 I would just like the app to be notified when the POST is completed.
我只希望在POST完成后通知应用程序。
If you just need to know when the POST was submitted, and not necessarily whether it succeeded or not, you could poll the iframe's contentWindow
and contentWindow.document
on an interval. 如果您只需要知道POST的提交时间,而不必知道它是否成功,则可以按一定的时间间隔轮询iframe的
contentWindow
和contentWindow.document
。 When you can no longer access one of those objects, or when the document has an empty body, that means that the iframe has loaded a page with X-Frame-Options
restrictions, which likely means that the submission went through. 如果您无法再访问这些对象之一,或者文档的正文为空,则表示iframe加载了具有
X-Frame-Options
限制的页面,这很可能意味着提交已通过。 It's hacky, but it looks like it will work for this purpose. 它很hacky,但看起来可以用于此目的。 (You'll probably have to go through a few combinations to figure out what the contents of restricted iframes look like in your target browsers.)
(您可能必须进行几种组合才能确定目标浏览器中受限iframe的内容。)
You can do it by getting the headers of the page. 您可以通过获取页面标题来实现。 In php it will be looks like,
在php中,
$url = 'http://www.google.com';
print_r(get_headers($url));
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.