[英]Overriden XMLHttpRequest for cross-domain requests
I'm wondering if there is a JavaScript library, which overrides XMLHttpRequest
and allows to transparently handle all cross-domain requests and seamlessly forward them over my same-origin server-side proxy. 我想知道是否有一个JavaScript库,该库重写XMLHttpRequest
并允许透明地处理所有跨域请求,并通过我的同源服务器端代理无缝地转发它们。
What I want is to have a common solution, which could be used together with any JavaScript library to make cross-domain requests (eg with cross-domain jQuery.ajax()
). 我想要的是拥有一个通用的解决方案,该解决方案可以与任何 JavaScript库一起使用以发出跨域请求(例如,与跨域jQuery.ajax()
)。
Are there any drawbacks to use such library (security problems, HTTPS access, etc.)? 使用此类库是否有任何缺点(安全性问题,HTTPS访问等)?
Update: 更新:
If such library is already created by someone, than I just do not want to reinvent the wheel and handle all corner cases again. 如果有人已经创建了这样的库,那么我就是不想重新发明轮子并再次处理所有极端情况。
If you just need to redirect every request to a specific proxy you could simply write it yourself, something in the lines of 如果您只需要将每个请求重定向到特定的代理,则可以自己编写,就像下面这样
XMLHttpRequest.prototype.oldOpen = XMLHttpRequest.prototype.open;
var newOpen = function(args) {
//overwrite arguments changing the original url to the proxy one,
//and add a parameter/header to send the original url to the proxy
this.oldOpen(args);
}
XMLHttpRequest.prototype.open = newOpen;
Since the proxy is in the same domain (if you want to allow x-domain proxy requests, just add the Access-Control-Allow-Origin header), it will not be sent any cookie of the remote domain (you won't have them anyway, since x-domains cookies are blocked - as long as you don't enter the field with the header Access-Control-Allow-Credentials). 由于代理位于同一域中(如果您想允许x域代理请求,只需添加Access-Control-Allow-Origin标头),就不会向其发送远程域的任何cookie(您将没有无论如何,它们都会被阻止,因为x域cookie被阻止了-只要您不输入标题为Access-Control-Allow-Credentials的字段即可。
Some security implications are rather obvious: 一些安全隐患非常明显:
A more complex (same domain, to fully support cookies) proxy implementation could even provide basic session handling for cross domain requests rewriting the headers: 更复杂的域(完全支持cookie的相同域)代理实现甚至可以为跨域请求重写标头提供基本的会话处理:
The proxy makes a request to www.remotedomain.com/querystring which responds with the header 代理向www.remotedomain.com/querystring发出请求,并以标头作为响应
Set-Cookie: name=value; Set-Cookie:名称=值; path=/; 路径= /; expires Mon, 31-Dec-2012 23:59:59 GMT 到期时间:格林尼治标准时间2012年12月31日星期一
The client receive the response back with the header 客户端收到标头返回的响应
Set-Cookie: name=value; Set-Cookie:名称=值; path=/www.remotedomain.com; 路径= / www.remotedomain.com; expires Mon, 31-Dec-2012 23:59:59 GMT 到期时间:格林尼治标准时间2012年12月31日星期一
On the next request the client will send the cookie, and the proxy will just forward them to the remote service 在下一个请求时,客户端将发送cookie,并且代理会将它们转发给远程服务
But I'm probably digressing too much. 但是我可能离题太多了。 :) :)
I will not use JS for this kind of needs... Just make all your AJAX calls to a PHP file (or whatever) on your server that acts as a proxy. 我不会使用JS来满足此类需求...只需对服务器上充当代理的PHP文件(或其他文件)进行所有AJAX调用即可。
It only needs to receive the url you want to call, POST or GET parameters and then make a cURL to the external server. 它只需要接收您要调用的URL,POST或GET参数,然后将cURL传递到外部服务器即可。
In return it will print the output of the cURL request. 作为回报,它将打印cURL请求的输出。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.