How to bypass Access-Control-Allow-Origin?


Question

I'm making an Ajax call to my own server on a platform which they set to prevent these Ajax calls (but I need it to fetch the data from my server to display data retrieved from my server's database). My Ajax script is working; it can send the data over to my server's PHP script to allow it to process. However, it cannot get the processed data back as it is blocked by "Access-Control-Allow-Origin".

I have no access to that platform's source/core, so I can't remove the script that is disallowing me from doing so. (P.S. I used Google Chrome's Console and found this error.)

The Ajax code is shown below:

 $.ajax({
     type: "GET",
     url: "http://example.com/retrieve.php",
     // Pass an object so jQuery URL-encodes id and url
     // (a raw url containing "&" or "=" would corrupt the query string)
     data: { id: id, url: url },
     dataType: 'json',
     cache: false,
     success: function (data) {
         var friend = data[1];
         var blog = data[2];
         $('#user').html("<b>Friends: </b>" + friend + "<b><br> Blogs: </b>" + blog);
     }
 });

Or is there a JSON equivalent of the Ajax script above? I think JSON is allowed.

I hope someone can help me.

Recommended answer

Put this on top of retrieve.php:

header('Access-Control-Allow-Origin: *');

Note that this effectively disables CORS protection, and leaves your users exposed to attack. If you're not completely certain that you need to allow all origins, you should lock this down to a more specific origin:

header('Access-Control-Allow-Origin: https://www.example.com');

Please refer to the following Stack Overflow answer for a better understanding of Access-Control-Allow-Origin:

https://stackoverflow.com/a/10636765/413670
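
When more than one origin needs to read the response, the header cannot list them all, so the server has to echo back the request's Origin only when it is on an allow-list. The following is an added example, not part of the original answer; the origins in the list and the helper name `cors_headers_for` are assumptions chosen for illustration.

```php
<?php
// Top of retrieve.php (added example, not the answer author's code).

// Assumed allow-list: replace with the exact origins (scheme + host + port)
// of the pages that are meant to read this endpoint's responses.
const ALLOWED_ORIGINS = [
    'https://www.example.com',
    'https://platform.example.net',
];

/**
 * Build the CORS response headers for a given request Origin.
 * Hypothetical helper: returns the header lines instead of sending them,
 * so the decision can be unit-tested.
 */
function cors_headers_for(?string $origin, array $allowed): array
{
    // Vary on Origin so a shared cache never replays a response that was
    // generated for one origin to a browser running a different one.
    $headers = ['Vary: Origin'];

    // Exact, strict string match only. Prefix, suffix or regex matching is
    // where allow-lists usually go wrong (e.g. "example.com.evil.test").
    if ($origin !== null && in_array($origin, $allowed, true)) {
        $headers[] = 'Access-Control-Allow-Origin: ' . $origin;
    }
    // Unknown or missing Origin: no Access-Control-Allow-Origin header,
    // so the browser refuses to hand the response to the calling script.
    return $headers;
}

foreach (cors_headers_for($_SERVER['HTTP_ORIGIN'] ?? null, ALLOWED_ORIGINS) as $line) {
    header($line);
}

// CORS only controls whether a browser lets the calling page READ the
// response; the request itself still reaches this script. Authentication
// and authorization for the data must be enforced separately.

// ... existing retrieve.php logic (query the database, echo json_encode(...)) ...
```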
