跨域请求被阻止 [英] Cross-Origin Request Blocked on

问题描述

我有一个WordPress网站，而我的哥达印章却出现了错误.我的网站页脚的小部件部分中有用于验证图像的html.

I have a WordPress site and I am getting an error from my godaddy seal. I have the html for the verify image in a widget section of the footer of my site.

重新加载页面并检查Firebug时，我在控制台中收到此错误.

When I reload the page and check firebug I am getting this error in the console.

跨源请求被阻止:同源策略禁止阅读 位于的远程资源 https://seal.godaddy.com/setSealAttr?sealID=ID# .这可以解决 通过将资源移到同一域或启用CORS.

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://seal.godaddy.com/setSealAttr?sealID=ID#. This can be fixed by moving the resource to the same domain or enabling CORS.

我试图查找有关此问题的信息，这有点让我烦恼.任何人都可以填写引发此错误的内容以及如何解决此问题的方法吗?我只是想了解如何发生此错误.是在某处与jquery发生冲突问题，还是密封的加载方式或加载的时间?

I have tried to look up information on this issue and it's a bit over my head. Can anyone fill me in on what is throwing this error and how I might go about fixing the issue? I am just trying to understand how this error happens. Is it a conflict issue with jquery somewhere, or is it the way the seal is being loaded or perhaps the time it is being loaded?

任何帮助将不胜感激.

推荐答案

查看同一来源政策.关于

这可以通过将资源移到相同的域来解决，或者 启用CORS

This can be fixed by moving the resource to the same domain or enabling CORS

事实上，您正在使用WordPress，您可以像这样非常容易地创建代理:

and the fact you are using WordPress, you can create a proxy very easy like this :

proxy.php:

proxy.php :

<?
header('Content-type: application/json');
$url=$_GET['url'];
$json=file_get_contents($url);
echo $json;
?>

然后，您要像AJAX一样在域之外调用资源，请使用proxy.php来伪造您试图从同一域访问资源的信息.喜欢:

Then you want to call a resource outside the domain, as with AJAX, use proxy.php to fake that you are trying access the resource from the same domain. Like :

var url= "my-external-resource.com?param=value";
url = 'proxy.php?url='+url:
$.ajax({
    url: url,
    dataType: 'json',
    success:  function (data) {
        ...
    }
});

这里的结果应该是JSON，但只需将标头/数据类型更改为HTML，XML或任何需要的内容即可.

Here the result is expected to be JSON, but just change header / datatype to HTML, XML or whatever if needed.

更新:@Jason提出了有关安全性的有趣观点.我完全同意.通常情况下，可以通过.htaccess和<Files>指令阻止对文件的远程访问:

Update : @Jason raises an interesting point about security. I totally agree. Under normal circumstances one could prevent remote access to files by .htaccess and a <Files> directive :

<Files proxy.php>
    Order Deny,Allow
    Deny from All
    Allow from 127.0.0.1
</Files>

...但这并不令人满意，因为它也会阻止在AJAX调用中使用proxy.php.一种解决方案是检查proxy.php是否被另一个脚本调用:

...but this is not satisfactory, since it will prevent using proxy.php in AJAX calls as well. A solution is to check if proxy.php is called by another script :

if (!isset($_SERVER['HTTP_X_REQUESTED_WITH'])) {
    header('HTTP/1.0 403 Forbidden');
    die('You are not allowed to access this file.');     
}

这将允许在javascript AJAX调用中使用proxy.php，但阻止从远程(或本地)直接访问.有关$_SERVER['HTTP_X_REQUESTED_WITH']和XMLHttpRequest的更多信息，请参见 此答案 .

This will allow using proxy.php in javascript AJAX calls, but prevent direct access from remote (or locally). See this answer for more about $_SERVER['HTTP_X_REQUESTED_WITH'] and XMLHttpRequest.

这篇关于跨域请求被阻止的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！