跨域AJAX调用,是否授权对文件内容的所有请求?
[英]Cross domain AJAX call, authorize all requests for file's content?
问题描述
I want to provide other sites with a banner from my site but I want to keep the banner on my server and have them include it with javascript, like Facebook plugins/google ads do. 
我想为其他网站提供来自我网站的横幅,但我想将横幅保留在服务器上,并使用javascript将其包含在其中,就像Facebook插件/谷歌广告一样。
The banner is hosted on site A. On site BI have this code: 标语托管在站点A上。在站点BI上具有以下代码:
<div id="bannerContainer"></div>
<script type="text/javascript" src="http://mysite.com/plugins/includebanner.js"></script>
includebanner.js does an AJAX call to get the banner and place it inside bannerContainer but I'm getting error: includebanner.js进行了AJAX调用,以获取横幅并将其放置在bannerContainer中,但出现错误:
Origin http://lventas.com is not allowed by Access-Control-Allow-Origin.
How do I allow all websites to include the banner? 如何允许所有网站都包含横幅? Are there other easy ways to include a banner hosted in site A from other site? 还有其他简便的方法可以包含来自其他站点的站点A中托管的横幅吗?
Edit: 编辑:
This is the script that requests the content:
function ajax(url, id_contenedor)
{
var pagina_requerida = false;
if (window.XMLHttpRequest)
{
pagina_requerida = new XMLHttpRequest ();
} else if (window.ActiveXObject)
{
try
{
pagina_requerida = new ActiveXObject ("Msxml2.XMLHTTP");
}
catch (e)
{
try
{
pagina_requerida = new ActiveXObject ("Microsoft.XMLHTTP");
}
catch (e)
{
}
}
}
else
return false;
pagina_requerida.onreadystatechange = function ()
{
cargarpagina (pagina_requerida, id_contenedor);
}
pagina_requerida.open ('GET', url, true); // asignamos los métodos open y send
pagina_requerida.send (null);
}
function cargarpagina (pagina_requerida, id_contenedor)
{
if (pagina_requerida.readyState == 4 && (pagina_requerida.status == 200 || window.location.href.indexOf ("http") == - 1))
document.getElementById (id_contenedor).innerHTML = pagina_requerida.responseText;
}
ajax('http://lujanventas.com/plugins/banner/index.php', 'banner-root');
2 个解决方案
解决方案1
0 已采纳 2012-05-29 15:51:46
It appears you are running into the normal JS cross-site scripting restrictions. 看来您遇到了常规的JS跨站点脚本限制。 By default cross-site scripting capabilities apply some restrictions on what and who can call the endpoint. 默认情况下,跨站点脚本功能对可调用端点的对象和角色施加了一些限制。 You didn't provide any sample of what you are trying to do code wise but you can check out this link as an example: http://jquery-howto.blogspot.com/2009/04/cross-domain-ajax-querying-with-jquery.html 您没有提供任何示例来说明如何明智地执行代码,但是您可以查看以下链接作为示例: http : //jquery-howto.blogspot.com/2009/04/cross-domain-ajax-querying -with-jquery.html
EDIT: 编辑:
It would help to see the JavaScript call itself but if you plugin the error to Google or Bing the first result for me was another SO post: XmlHttpRequest error: Origin null is not allowed by Access-Control-Allow-Origin 这将有助于查看JavaScript本身,但是如果您将错误插入Google或Bing,则对我而言,第一个结果是另一个SO帖子: XmlHttpRequest错误:Access-Control-Allow-Origin不允许使用Origin null
解决方案2
0 2012-05-29 16:02:55
With javascript/jquery you can draw an iframe instead of a div, and set its src attribute to the url of your banner. 使用javascript / jquery,您可以绘制iframe而不是div,并将其src属性设置为横幅广告的url。
$('<iframe />', {
name: 'myFrame',
id: 'myFrame',
src: 'http://www.mywebsite.com/'
}).appendTo('body');
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.