堆栈内存溢出
  简体   繁体   English

这个Cross Domain ajax请求如何工作?

[英]How does this Cross Domain ajax request work?

 原文  2012-01-08 04:34:29       javascript/ ajax/ xmlhttprequest/ cross-domain

问题描述

I'm looking at this question and in it is a link to http://hacks.mozilla.org/2011/03/the-shortest-image-uploader-ever/ which has the following code: 我正在查看这个问题,它是http://hacks.mozilla.org/2011/03/the-shortest-image-uploader-ever/的链接,其中包含以下代码: 

var fd = new FormData();
fd.append("image", file); // Append the file
fd.append("key", "6528448c258cff474ca9701c5bab6927");
// Get your own key: http://api.imgur.com/

// Create the XHR (Cross-Domain XHR FTW!!!)
var xhr = new XMLHttpRequest();
xhr.open("POST", "http://api.imgur.com/2/upload.json"); // Boooom!
xhr.onload = function() {
    // Big win!
    // The URL of the image is:
    JSON.parse(xhr.responseText).upload.links.imgur_page;
 }
 // Ok, I don't handle the errors. An exercice for the reader.
 // And now, we send the formdata
 xhr.send(fd);

How does this cross domain request work? 这个跨域请求如何工作? I thought as a rule there are security restrictions that stop people from doing just this. 我认为通常有安全限制阻止人们做这件事。

2 个解决方案

解决方案1
 3 已采纳  2012-01-08 04:51:43

The server is reponding with the Access-Control-Allow-Origin set to allow cross domain requests 服务器正在响应,设置了Access-Control-Allow-Origin以允许跨域请求 

Response Headers
Access-Control-Allow-Origin: *  
Cache-Control   max-age=604800
Connection  keep-alive
Content-Length  494
Content-Type    application/json

http://www.w3.org/TR/cors/#access-control-allow-origin-response-hea http://www.w3.org/TR/cors/#access-control-allow-origin-response-hea

http://hacks.mozilla.org/2009/07/cross-site-xmlhttprequest-with-cors http://hacks.mozilla.org/2009/07/cross-site-xmlhttprequest-with-cors

解决方案2
 1  2012-01-08 04:52:54

Imgur implements Cross-Origin Resource Sharing (CORS). Imgur实现跨源资源共享(CORS)。

The CORS standard works by adding new HTTP headers that allow servers to serve resources to permitted origin domains. CORS标准的工作原理是添加新的HTTP标头,允许服务器将资源提供给允许的源域。 Browsers support these headers and enforce the restrictions they establish. 浏览器支持这些标头并强制执行它们建立的限制。 Additionally, for HTTP request methods that can cause side-effects on user data (in particular, for HTTP methods other than GET, or for POST usage with certain MIME types), the specification mandates that browsers “preflight” the request, soliciting supported methods from the server with an HTTP OPTIONS request header, and then, upon “approval” from the server, sending the actual request with the actual HTTP request method. 此外,对于可能对用户数据产生副作用的HTTP请求方法(特别是对于GET以外的HTTP方法,或对某些MIME类型的POST使用),规范要求浏览器“预检”请求,请求支持的方法从具有HTTP OPTIONS请求标头的服务器,然后,在服务器“批准”时,使用实际的HTTP请求方法发送实际请求。 Servers can also notify clients whether “credentials” (including Cookies and HTTP Authentication data) should be sent with requests. 服务器还可以通知客户端是否应随请求一起发送“凭据”(包括Cookie和HTTP身份验证数据)。

See http://hacks.mozilla.org/2009/07/cross-site-xmlhttprequest-with-cors/ for more information. 有关更多信息,请参见http://hacks.mozilla.org/2009/07/cross-site-xmlhttprequest-with-cors/

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 此跨域请求如何工作? - How does this cross-domain request work? 跨域ajax请求不发送响应 - Cross domain ajax request does not send response jQuery-跨域请求不起作用 - jQuery - Cross domain request does not work Ajax-跨域请求是否返回请求标头? - Does Ajax - cross domain request return the request header? Facebook如何跨域Ajax调用? - how facebook does cross domain ajax call? 跨域文件(接收器)如何工作? - How does cross domain file (receiver) work? OpenSeadragon跨域Ajax请求 - OpenSeadragon Cross Domain Ajax request Ajax跨域脚本请求 - Ajax cross domain script request 跨域Ajax获取请求 - Cross Domain Ajax get Request 使用Jquery(不是AJAX)的跨域请求 - Cross Domain request with Jquery (not AJAX)
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM