Facebook xhr登录：跨域请求被阻止 [英] Facebook xhr login: Cross-Origin Request Blocked

问题描述

我有这个问题，当我尝试使用XHR通过Facebook登录我的网站上的用户时，我的请求被阻止了，但是，如果我复制XHR请求的URL并将其粘贴到浏览器中，我就可以登录。

所以这是一个简单的示意图：

为什么xhr在浏览器可以访问的同一URL上被阻止？

解决方案

为什么xhr在浏览器可以访问的同一URL上被阻止？

因为它是跨域请求，因此，远程方必须首先允许该请求，这就是所谓的CORS。

不允许通过来自不同域的脚本加载其登录对话框-显而易见的原因是用户需要能够确定要通过浏览器地址栏将登录凭据发送到哪个站点，以避免网络钓鱼。

您无法加载FB登录对话框通过XHR / AJAX在后台进行；您需要在顶部窗口实例中对其进行调用/重定向。

I have this problem, when I try to log in users on my website through facebook using XHR my request gets blocked, however if I copy the URL of the XHR request and paste it in the browser I get logged in.

So here's a simple schematic:

Why is xhr getting blocked on the same url a browser can access?

解决方案

Why is xhr getting blocked on the same url a browser can access?

Because it is a cross-domain request, and as such the remote party would have to allow that request first, which is what is referred to as CORS.

Facebook does not allow its login dialog to be loaded via script from different domains – for the obvious reason that users need to be able to be verify which site they are sending their login credentials to via the browser address bar, to avoid phishing.

You can not load the FB login dialog via XHR/AJAX in the background; you need to call/redirect to it in the top window instance.

这篇关于Facebook xhr登录：跨域请求被阻止的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！