跨域网站推广 [英] Cross-domain website promotion
问题描述
我想为我的用户提供一种方法,在他们的网站上宣传我的网站,博客等。
我可以做一个横幅,标志任何他们可以嵌入到他们的网站,但我想提供动态内容,如我的博客上的最新条目的标题。
I'd like to offer a way to my users to promote my website, blog etc. on their website. I can make a banner, logo whatever that they can embed to their site, but I'd like to offer dynamic content, like "the 5 newest entry's title from my blog".
问题是同源策略。我知道有一个解决方案(我使用它):他们嵌入一个简单的div和一个JavaScript文件。 JS向我的服务器发送一个XmlHttpRequest,并将数据作为JSONP获取,解析数据并插入到div中。
The problem is the same origin policy. I know there is a solution (and I use it): they embed a simple div and a JavaScript file. The JS makes an XmlHttpRequest to my server and gets the data as JSONP, parses the data and inserts into the div.
但它是唯一的方法吗?有没有更好的方法,我可以做到这一点?
在互联网上有很多小部件(或任何,我不知道他们叫什么...),从另一个域获取数据。他们怎么做的?
But is it the only way? Isn't there a better way I could do this? On the Internet there are tons of widget (or whatever, I don't know how they call...) that gain the data from another domain. How they do that?
推荐答案
您还可以设置HTTP Access-Control 在服务器端。这样,您基本上从服务器端控制是否允许已发出XMLHttpRequest的客户端处理响应。
You can also set the HTTP Access-Control headers in the server side. This way you're basically controlling from the server side on whether the client who has fired the XMLHttpRequest is allowed to process the response. Any recent (and decent) webbrowser will take action accordingly.
这里是一个以PHP为目标的例子,如何相应地设置标题。
Here's a PHP-targeted example how to set the headers accordingly.
header('Access-Control-Allow-Origin: *'); // Everone may process the response.
header('Access-Control-Max-Age: 604800'); // Client may cache this for one week.
header('Access-Control-Allow-Methods: GET, POST'); // Allowed request methods.
键 Access-Control-Allow-Origin:* 。这通知客户端来自 * (事实上,无处不在)的请求被允许处理响应。如果您将它设置为例如 Access-Control-Allow-Origin:http://example.com ,则webbrowser只能在初始页面时处理响应
The key is Access-Control-Allow-Origin: *. This informs the client that requests originating from * (in fact, everywhere) is allowed to process the response. If you set it to for example Access-Control-Allow-Origin: http://example.com, then the webbrowser may only process the response when the initial page is been served from the mentioned domain.
- MDC - HTTP Access Control
这篇关于跨域网站推广的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
