从本地html/javascript网站发布到在线PHP文件 [英] Posting from local html/javascript website to an online PHP file

问题描述

我要做什么

从本地html/javascript网站发布到在线PHP文件.

Post from a local html/javascript website to an online PHP file.

问题

当我尝试使用下面的代码时，我不断收到以下提到的错误.

When I attempt to utilise my below code, I keep receiving the below mentioned error.

背景:

该网站旨在在本地运行.由于每个用户都可以选择使用哪种浏览器，因此我希望找到一种可以解决上述问题的方法，而不必强加对每个用户进行浏览器策略修改.

This website is intended to run locally. As it's each user's choice which browser they use, I'm looking to discover an approach which could solve the above, without forcing browser policy modification onto each user.

有可能吗?

JavaScript代码:

$.ajax({
    type: 'POST',
    url: 'http://example.com/test.php',
    crossDomain: true,
    data: "my_request_is=foo",
    dataType: 'json',
    success: function(responseData, textStatus, jqXHR) 
    {
        console.log(responseData);
    },
    error: function (responseData, textStatus, errorThrown) 
    {
        console.warn(responseData, textStatus, errorThrown);
        alert('CORS failed - ' + textStatus);
    }
});

Php代码(test.php):

<?php
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: POST, GET, OPTIONS');
header('Access-Control-Max-Age: 1000');
header('Access-Control-Allow-Headers: Content-Type');
echo json_encode(array("your_request_was" => $_POST['my_request_is']));
?>

错误:

推荐答案

默认情况下，在chrome(来自file:协议的chrome)中，不允许跨域请求.您可以关闭chrome，chrome的打开实例并使用--disable-web-security标志启动

By default cross-origin requests are not allowed at chrome, chromium from file: protocol. You can close open instances of chrome, chromium and launch with --disable-web-security flag

google-chrome --disabled-web-security

或通过设置其他user-data-dir

google-chrome --disable-web-security --user-data-dir="~/.config/google-chrome-temp"

---

有没有一种方法可以完成我需要做的事情，而 不需要我修改本地网络浏览器的政策?

is there an approach which could accomplish what I need to do, whilst not requiring me to modify the policies of local web-browsers?

不是铬，铬不修改默认设置；或创建Chrome扩展程序或应用来执行网络请求-同样，也需要设置正确的permissions.

Not at chrome, chromium without modifying default settings; or creating an chromium extension or app to perform network requests - where too, proper permissions need to be set.

此限制是有目的的.几个安全问题之一是，本地计算机上的用户可能在不知不觉中上传其计算机上一个或多个目录中所有文件的列表以及潜在的目录本身，而不必知道这一事实，请参见

The restriction is there for a purpose. One of the several security issues is that user at a local computer could, possibly unknowingly, upload a listing of all of the files in one or more directories on their computer, and potentially the directories themselves, without necessarily being aware of that fact, see

HTML5 File API中的FileReader.readAsText如何工作?

其中；注意，也可能在未设置标志的情况下发生.或者，所请求的脚本可以执行读取或写入本地文件系统的操作，而用户不必知道外部脚本正在访问其本地文件系统.

which; note, could also occur without flags being set. Or, a requested script could perform actions to read or write to local filesystem without user necessarily being aware of their local filesystem being accessed by an external script.

尽管有适当的限制，但用户必须执行肯定的操作才能禁用默认设置，从而限制从file:协议访问本地文件系统，并限制本地文件系统从null origin获取资源到一个不同的起源.

Though, with restrictions in place, the user has to perform an affirmative action to disable default settings restricting access to local file system from file: protocol, and restricting local file system to fetch resources from null origin to a different origin.

如@StefanoBalzarotti所述

As noted by @StefanoBalzarotti

很抱歉，如果我很挑剔，但是此限制与文件"无关: 协议，即使带有数据:"，关于:"等...您也无法交叉 原始请求.提出跨源请求的要求是 有一个起源的主机

sorry if I am fussy, but this limitation is not related to the 'file:' protocol, even with 'data:', 'about:' etc... you can't make a cross origin request. The requirement to make a cross origin request is to have an host for origin

应考虑到浏览器开发人员对跨源请求实施此类默认限制的原因.

which should be taken into consideration as to the reasons why browser developers would implement such a default limitation on cross origin request.

少量使用，并且意识到标志--disable-web-security和--allow-file-access-from-files的重要性，请参见

Used sparingly, and with awareness of the significance of the flags, the flags --disable-web-security and --allow-file-access-from-files, see

Chromium命令行开关列表

设计用于本地Web开发，而不是用于需要Web应用程序资源的本地应用程序的解决方法.

are designed for local web development, not as a workaround for a local application which requires resources from a web application.

--disable-web-security不要强制执行同源策略. (用过的 由人们测试他们的网站.)

--disable-web-security Don't enforce the same-origin policy. (Used by people testing their sites.)

--allow-file-access-from-files默认情况下，file://URI无法读取 其他file://URI.对于需要 测试的旧行为.

--allow-file-access-from-files By default, file:// URIs cannot read other file:// URIs. This is an override for developers who need the old behavior for testing.

标志说明中的测试"一词应强调标志的用法.这些标志不是为生产目的而设计的.

"testing" term in description of flags should provide emphasis of the usage of the flags. The flags are not designed for production usage.

替代品

• 创建Chrome扩展程序以执行网络任务；

• Create a chromium extension to perform network tasks;

创建一个Chrome应用来执行网络任务

Create a chrome app to perform network tasks

其中任何一个都需要在manifest.json上进行正确的permissions设置.

where either requires proper permissions settings at manifest.json.

这篇关于从本地html/javascript网站发布到在线PHP文件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！