使用AJAX加载跨域端点 [英] Loading cross-domain endpoint with AJAX
问题描述
我正在尝试使用AJAX加载跨域HTML页面,但除非dataType为 jsonp,否则无法获得响应。但是,使用jsonp时,浏览器期望使用脚本mime类型,但接收到 text / html。
I'm trying to load a cross-domain HTML page using AJAX but unless the dataType is "jsonp" I can't get a response. However using jsonp the browser is expecting a script mime type but is receiving "text/html".
我对请求的代码是:
$.ajax({
type: "GET",
url: "http://saskatchewan.univ-ubs.fr:8080/SASStoredProcess/do?_username=DARTIES3-2012&_password=P@ssw0rd&_program=%2FUtilisateurs%2FDARTIES3-2012%2FMon+dossier%2Fanalyse_dc&annee=2012&ind=V&_action=execute",
dataType: "jsonp",
}).success( function( data ) {
$( 'div.ajax-field' ).html( data );
});
有什么方法可以避免对请求使用jsonp吗?我已经尝试使用crossDomain参数,但没有用。
Is there any way of avoiding using jsonp for the request? I've already tried using the crossDomain parameter but it didn't work.
如果没有,则无法在jsonp中接收html内容吗?当前控制台在说意外<。
If not is there any way of receiving the html content in jsonp? Currently the console is saying "unexpected <" in the jsonp reply.
推荐答案
jQuery Ajax Notes
- 由于浏览器的安全性限制,大多数 Ajax 请求均受相同的原产地政策;该请求无法成功地从其他域,子域,端口或协议检索数据。
- 脚本和JSONP请求不受相同的原始策略限制。
- Due to browser security restrictions, most Ajax requests are subject to the same origin policy; the request can not successfully retrieve data from a different domain, subdomain, port, or protocol.
- Script and JSONP requests are not subject to the same origin policy restrictions.
- CORS Proxy Alternatives
- Ways to circumvent the same-origin policy
- Breaking The Cross Domain Barrier
- Cross Domain AJAX Request with YQL and jQuery
- Cross-domain requests with jQuery.ajax
jQuery Ajax Notes
有一些方法可以克服跨域障碍:
There are some ways to overcome the cross-domain barrier:
有些插件可以帮助处理跨域请求:
There are some plugins that help with cross-domain requests:
Heads
解决此问题的最佳方法是在后端创建自己的代理,以便您的代理指向服务在其他域中,因为在后端不存在相同来源策略限制。但是,如果您不能在后端执行此操作,请注意以下提示。
The best way to overcome this problem, is by creating your own proxy in the back-end, so that your proxy will point to the services in other domains, because in the back-end not exists the same origin policy restriction. But if you can't do that in back-end, then pay attention to the following tips.
警告!
使用第三方代理不是安全的做法,因为它们可以跟踪您的数据,因此可以与公共信息一起使用,但是永远不会使用私有数据。
Using third-party proxies is not a secure practice, because they can keep track of your data, so it can be used with public information, but never with private data.
下面显示的代码示例使用 jQuery.get() 和 jQuery.getJSON() ,它们都是 jQuery.ajax()
CORS Anywhere是 node.js代理,它将CORS标头添加到被代理的请求。
要使用API,只需在URL前面加上API URL。 (支持 https :请参见 github存储库)
CORS Anywhere is a node.js proxy which adds CORS headers to the proxied request.
To use the API, just prefix the URL with the API URL. (Supports https: see github repository)
如果要在需要时自动启用跨域请求,请使用以下代码段:
If you want to automatically enable cross-domain requests when needed, use the following snippet:
$.ajaxPrefilter( function (options) {
if (options.crossDomain && jQuery.support.cors) {
var http = (window.location.protocol === 'http:' ? 'http:' : 'https:');
options.url = http + '//cors-anywhere.herokuapp.com/' + options.url;
//options.url = "http://cors.corsproxy.io/url=" + options.url;
}
});
$.get(
'http://en.wikipedia.org/wiki/Cross-origin_resource_sharing',
function (response) {
console.log("> ", response);
$("#viewer").html(response);
});
无论起源是跨域jsonp 访问。这是 anyorigin.com 的开源替代方案。
Whatever Origin is a cross domain jsonp access. This is an open source alternative to anyorigin.com.
要从 google.com 获取数据,您可以使用以下代码段:
To fetch the data from google.com, you can use this snippet:
// It is good specify the charset you expect.
// You can use the charset you want instead of utf-8.
// See details for scriptCharset and contentType options:
// http://api.jquery.com/jQuery.ajax/#jQuery-ajax-settings
$.ajaxSetup({
scriptCharset: "utf-8", //or "ISO-8859-1"
contentType: "application/json; charset=utf-8"
});
$.getJSON('http://whateverorigin.org/get?url=' +
encodeURIComponent('http://google.com') + '&callback=?',
function (data) {
console.log("> ", data);
//If the expected response is text/plain
$("#viewer").html(data.contents);
//If the expected response is JSON
//var response = $.parseJSON(data.contents);
});
CORS代理是一个简单的 node.js代理,用于为任何网站启用CORS请求。
它允许您站点上的javascript代码访问其他域上的资源,这些资源通常由于同源政策而被阻止。
CORS Proxy is a simple node.js proxy to enable CORS request for any website. It allows javascript code on your site to access resources on other domains that would normally be blocked due to the same-origin policy.
- CORS-Proxy gr2m
- CORS-Proxy rmadhuram
它是如何工作的?
CORS代理利用了跨域资源共享这一跨HTML资源添加的功能。服务器可以指定它们希望浏览器允许其他网站请求其托管的资源。 CORS Proxy只是一个HTTP Proxy,它在响应中添加一个标头,说任何人都可以请求。
How does it work? CORS Proxy takes advantage of Cross-Origin Resource Sharing, which is a feature that was added along with HTML 5. Servers can specify that they want browsers to allow other websites to request resources they host. CORS Proxy is simply an HTTP Proxy that adds a header to responses saying "anyone can request this".
这是实现目标的另一种方式(请参见 www.corsproxy.com )。您所要做的就是从要代理的URL中删除 http:// 和 www。,并在URL前面加上 www.corsproxy.com /
This is another way to achieve the goal (see www.corsproxy.com). All you have to do is strip http:// and www. from the URL being proxied, and prepend the URL with www.corsproxy.com/
$.get(
'http://www.corsproxy.com/' +
'en.wikipedia.org/wiki/Cross-origin_resource_sharing',
function (response) {
console.log("> ", response);
$("#viewer").html(response);
});
最近,我发现了这个浏览器,它涉及各种面向安全性的跨源远程共享实用程序。但这是一个以Flash作为后端的黑匣子。
Recently I found this one, it involves various security oriented Cross Origin Remote Sharing utilities. But it is a black-box with Flash as backend.
您可以在此处查看其运行情况: CORS代理浏览器
在GitHub上获取源代码: koto / cors-proxy-browser
You can see it in action here: CORS proxy browser
Get the source code on GitHub: koto/cors-proxy-browser
这篇关于使用AJAX加载跨域端点的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
