stackoom
  简体   繁体   中英

JavaScript access from parent domain to subdomain?

 原文  2011-06-08 11:19:19       javascript/ cross-domain/ cross-domain-policy

Question

I've read that setting document.domain = "example.com" lets me access the parent domain from a subdomain.

Will the same work the other way around?

Let's say my main site is running under http://example.com . All API functions that I want to access via AJAX (GET & POST) are hosted on http:// api .example.com .

Will I be able to access api.example.com from example.com ?

EDIT : Looking at document.domain again, I don't think that this will solve the problem. The result from calls to api .example.com are not necessary HTML, but output from a PHP script running on the API server. It can be JSON, plain text, etc. so there's no way to set document.domain for that (since it's not an iframe).

1 answers

solution1
 7 ACCPTED  2011-06-08 11:21:19

You need to set document.domain on BOTH pages

Alternatively set CORS headers on your server:

http://hacks.mozilla.org/2009/07/cross-site-xmlhttprequest-with-cors/

A Quick Overview of CORS

Firefox 3.5 and Safari 4 implement the CORS specification, using XMLHttpRequest as an “API container” that sends and receives the appropriate headers on behalf of the web developer, thus allowing cross-site requests. IE8 implements part of the CORS specification, using XDomainRequest as a similar “API container” for CORS, enabling simple cross-site GET and POST requests. Notably, these browsers send the ORIGIN header, which provides the scheme (http:// or https://) and the domain of the page that is making the cross-site request. Server developers have to ensure that they send the right headers back, notably the Access-Control-Allow-Origin header for the ORIGIN in question (or ” * ” for all domains, if the resource is public) .

The CORS standard works by adding new HTTP headers that allow servers to serve resources to permitted origin domains. Browsers support these headers and enforce the restrictions they establish. Additionally, for HTTP request methods that can cause side-effects on user data (in particular, for HTTP methods other than GET, or for POST usage with certain MIME types), the specification mandates that browsers “preflight” the request, soliciting supported methods from the server with an HTTP OPTIONS request header, and then, upon “approval” from the server, sending the actual request with the actual HTTP request method. Servers can also notify clients whether “credentials” (including Cookies and HTTP Authentication data) should be sent with requests.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question JavaScript cross domain access from subdomain in iframe Access root domain's localStorage from subdomain Access javascript variable from subdomain JavaScript domain read cookie from subdomain Access cookies set on subdomain from parent how to access a subdomain's html5 localStorage from the root domain? Get the domain name of the subdomain Javascript Redirect Subdomain to Domain using JavaScript Possible to access a function on a parent page from an iframe that is on a different subdomain? cross domain access in iframe from parent to child
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM