Help, if you can-
帮助,如果你能 -
The situation:
情况:
http://foobar.com includes a remotely hosted javacript file (http://boobar.com/stuff.js).
http://foobar.com包含一个远程托管的javacript文件(http://boobar.com/stuff.js)。
The goal is to just get an alert from the remotely hosted php script on foobar.com
目标是从foobar.com上的远程托管的PHP脚本获取警报
I have tried the following code in stuff.js:
我在stuff.js中尝试了以下代码:
$.ajax({
type: "GET",
url: "http://www.boobar.com/script.php?callback=?",
dataType: 'jsonp',
success: function(result) { alert(result); }
});
No luck.
没有运气。
$.getJSON("http://www.boobar.com/script.php?jsonp=?",
function(data) { alert(data); }
);
Also no luck.
也没有运气。
On the php side I have tried both the following:
在php方面,我尝试了以下两种方法:
return json_encode(array(0 => 'test'));
echo json_encode(array(0 => 'test'));
In Firefox I get a security error. I understand that it thinks I'm violating the security model. However, according to the jquery documentation, I should be able to accomplish this.
在Firefox中我收到安全错误。我知道它认为我违反了安全模型。但是,根据jquery文档,我应该能够做到这一点。
6 个解决方案
#1
8
The error seems to be a security feature of the Same Origin Policy: to simplify, you can only make AJAX requests for stuff on the originating server (http://foobar.com). One way around this is to make a simple facade on the originating server, e.g.:
该错误似乎是同源策略的安全功能:为了简化,您只能对原始服务器(http://foobar.com)上的内容发出AJAX请求。解决这个问题的一种方法是在原始服务器上创建一个简单的外观,例如:
<?php
// this file resides at http://foobar.com/getstuff.php
echo file_get_contents('http://www.boobar.com/script.php?callback=?'
. $possibly_some_other_GET_parameters );
?>
Then, from foobar.com, you can make an AJAX request for http://foobar.com/getstuff.php (which in turn makes a HTTP GET request from your web server to boobar.com and sends it back to the browser).
然后,从foobar.com,您可以为http://foobar.com/getstuff.php发出一个AJAX请求(它会从您的Web服务器向boobar.com发出HTTP GET请求并将其发送回浏览器) 。
To the browser, the request goes to the origin server, and is allowed (the browser has no way of knowing that the response comes from somewhere else behind the scene).
对于浏览器,请求进入原始服务器,并且被允许(浏览器无法知道响应来自场景后面的其他地方)。
Caveats:
注意事项:
- the PHP config at foobar.com must have
allow_url_fopenset to "1". Although this is the default setting, some servers have it disabled. - foobar.com上的PHP配置必须将allow_url_fopen设置为“1”。虽然这是默认设置,但某些服务器已将其禁用。
- the request to www.boobar.com is made from foobar.com server, not from the browser. That means no cookies or user authentication data are sent to www.boobar.com, just whatever you put into the request URL ("
$possibly_some_other_GET_parameters"). - 对www.boobar.com的请求来自foobar.com服务器,而不是来自浏览器。这意味着没有cookie或用户身份验证数据被发送到www.boobar.com,无论您放入请求URL(“$ possible_some_other_GET_parameters”)。
#2
4
You can get data from another server asynchronously using script tags and json:
您可以使用脚本标记和json以异步方式从另一台服务器获取数据:
<script type="text/javascript" src="http://somesite.com/path/to/page/"></script>
You can use this to dynamically load a remote javascript (by created a new script element and setting the src attribute, then loading into the DOM), which could set a variable. However, you need to really trust the remote site, because the JS will be evaluated without any precondition.
您可以使用它来动态加载远程javascript(通过创建新的脚本元素并设置src属性,然后加载到DOM中),这可以设置变量。但是,您需要真正信任远程站点,因为JS将在没有任何先决条件的情况下进行评估。
#3
1
There is a method called window.name transport or window.name method which uses a general browser bug(not sure if this is a bug actually). You make the request through an iFrame and the loaded page puts the information you need to the "name" property of the JavaScript window object of itself.
有一个名为window.name transport或window.name方法的方法,它使用一般的浏览器错误(不确定这实际上是否是一个bug)。您通过iFrame发出请求,加载的页面将您需要的信息放入JavaScript窗口对象的“name”属性中。
This method uses a "blank.htm" since it first navigates to the target page and then goes back to the blank.htm page to overcome the "same origin policy" restriction.
此方法使用“blank.htm”,因为它首先导航到目标页面,然后返回到blank.htm页面以克服“相同的原始策略”限制。
Dojo have implemented this and you can find a more detailed explanation here.
Dojo已实现此功能,您可以在此处找到更详细的说明。
Also I have implemented a cross-domain XMLHttpRequest object based on this method in the library I have written which can be found here.
此外,我已经在我编写的库中实现了基于此方法的跨域XMLHttpRequest对象,可以在此处找到。
You may not be able to use the library since it will need 1 or 2 additional libraries which can be found here.
您可能无法使用该库,因为它需要1或2个额外的库,可在此处找到。
If you need further help in implementing it in your style, I'll try to do my best.
如果您需要进一步帮助实现它的风格,我会尽力做到最好。
#4
0
So what I ended up doing, since it was just a GET - no data need to be retrieved - I used JQuery to create a hidden iframe with the URL including the variables I wanted to pass set as the source. Worked like a charm. To all who provded feedback - Thanks!
所以我最终做了什么,因为它只是一个GET - 没有数据需要检索 - 我使用JQuery创建一个隐藏的iframe,其URL包括我想要传递的变量作为源。工作就像一个魅力。对所有提出反馈的人 - 谢谢!
#5
0
How about this !! Using a php proxy.
这个怎么样 !!使用php代理。
Cross-Domain AJAX calls using PHP http://www.phpfour.com/blog/2008/03/cross-domain-ajax-using-php/
使用PHP进行跨域AJAX调用http://www.phpfour.com/blog/2008/03/cross-domain-ajax-using-php/
#6
0
jQuery .ajax also has a setting 'crossDomain'.
jQuery .ajax也有一个设置'crossDomain'。
http://api.jquery.com/jQuery.ajax/
http://api.jquery.com/jQuery.ajax/
crossDomain (default: false for same-domain requests, true for cross-domain requests) Type: Boolean If you wish to force a crossDomain request (such as JSONP) on the same domain, set the value of crossDomain to true. This allows, for example, server-side redirection to another domain. (version added: 1.5)
#1
8
The error seems to be a security feature of the Same Origin Policy: to simplify, you can only make AJAX requests for stuff on the originating server (http://foobar.com). One way around this is to make a simple facade on the originating server, e.g.:
该错误似乎是同源策略的安全功能:为了简化,您只能对原始服务器(http://foobar.com)上的内容发出AJAX请求。解决这个问题的一种方法是在原始服务器上创建一个简单的外观,例如:
<?php
// this file resides at http://foobar.com/getstuff.php
echo file_get_contents('http://www.boobar.com/script.php?callback=?'
. $possibly_some_other_GET_parameters );
?>
Then, from foobar.com, you can make an AJAX request for http://foobar.com/getstuff.php (which in turn makes a HTTP GET request from your web server to boobar.com and sends it back to the browser).
然后,从foobar.com,您可以为http://foobar.com/getstuff.php发出一个AJAX请求(它会从您的Web服务器向boobar.com发出HTTP GET请求并将其发送回浏览器) 。
To the browser, the request goes to the origin server, and is allowed (the browser has no way of knowing that the response comes from somewhere else behind the scene).
对于浏览器,请求进入原始服务器,并且被允许(浏览器无法知道响应来自场景后面的其他地方)。
Caveats:
注意事项:
- the PHP config at foobar.com must have
allow_url_fopenset to "1". Although this is the default setting, some servers have it disabled. - foobar.com上的PHP配置必须将allow_url_fopen设置为“1”。虽然这是默认设置,但某些服务器已将其禁用。
- the request to www.boobar.com is made from foobar.com server, not from the browser. That means no cookies or user authentication data are sent to www.boobar.com, just whatever you put into the request URL ("
$possibly_some_other_GET_parameters"). - 对www.boobar.com的请求来自foobar.com服务器,而不是来自浏览器。这意味着没有cookie或用户身份验证数据被发送到www.boobar.com,无论您放入请求URL(“$ possible_some_other_GET_parameters”)。
#2
4
You can get data from another server asynchronously using script tags and json:
您可以使用脚本标记和json以异步方式从另一台服务器获取数据:
<script type="text/javascript" src="http://somesite.com/path/to/page/"></script>
You can use this to dynamically load a remote javascript (by created a new script element and setting the src attribute, then loading into the DOM), which could set a variable. However, you need to really trust the remote site, because the JS will be evaluated without any precondition.
您可以使用它来动态加载远程javascript(通过创建新的脚本元素并设置src属性,然后加载到DOM中),这可以设置变量。但是,您需要真正信任远程站点,因为JS将在没有任何先决条件的情况下进行评估。
#3
1
There is a method called window.name transport or window.name method which uses a general browser bug(not sure if this is a bug actually). You make the request through an iFrame and the loaded page puts the information you need to the "name" property of the JavaScript window object of itself.
有一个名为window.name transport或window.name方法的方法,它使用一般的浏览器错误(不确定这实际上是否是一个bug)。您通过iFrame发出请求,加载的页面将您需要的信息放入JavaScript窗口对象的“name”属性中。
This method uses a "blank.htm" since it first navigates to the target page and then goes back to the blank.htm page to overcome the "same origin policy" restriction.
此方法使用“blank.htm”,因为它首先导航到目标页面,然后返回到blank.htm页面以克服“相同的原始策略”限制。
Dojo have implemented this and you can find a more detailed explanation here.
Dojo已实现此功能,您可以在此处找到更详细的说明。
Also I have implemented a cross-domain XMLHttpRequest object based on this method in the library I have written which can be found here.
此外,我已经在我编写的库中实现了基于此方法的跨域XMLHttpRequest对象,可以在此处找到。
You may not be able to use the library since it will need 1 or 2 additional libraries which can be found here.
您可能无法使用该库,因为它需要1或2个额外的库,可在此处找到。
If you need further help in implementing it in your style, I'll try to do my best.
如果您需要进一步帮助实现它的风格,我会尽力做到最好。
#4
0
So what I ended up doing, since it was just a GET - no data need to be retrieved - I used JQuery to create a hidden iframe with the URL including the variables I wanted to pass set as the source. Worked like a charm. To all who provded feedback - Thanks!
所以我最终做了什么,因为它只是一个GET - 没有数据需要检索 - 我使用JQuery创建一个隐藏的iframe,其URL包括我想要传递的变量作为源。工作就像一个魅力。对所有提出反馈的人 - 谢谢!
#5
0
How about this !! Using a php proxy.
这个怎么样 !!使用php代理。
Cross-Domain AJAX calls using PHP http://www.phpfour.com/blog/2008/03/cross-domain-ajax-using-php/
使用PHP进行跨域AJAX调用http://www.phpfour.com/blog/2008/03/cross-domain-ajax-using-php/
#6
0
jQuery .ajax also has a setting 'crossDomain'.
jQuery .ajax也有一个设置'crossDomain'。
http://api.jquery.com/jQuery.ajax/
http://api.jquery.com/jQuery.ajax/
crossDomain (default: false for same-domain requests, true for cross-domain requests) Type: Boolean If you wish to force a crossDomain request (such as JSONP) on the same domain, set the value of crossDomain to true. This allows, for example, server-side redirection to another domain. (version added: 1.5)