XMLHttpRequest跨站点脚本在同一服务器上但在不同端口上 [英] XMLHttpRequest cross site scripting on same server but different port
问题描述
使用XMLHttpRequest不能打开与页面本身所在的域不同的域上的文档的连接.
using XMLHttpRequest it is not possible to open a connection to a document on a different domain than where the page itself is hosted.
但是不同的端口呢?
例如,我的机器上运行着一个Web服务器,侦听端口80,因此Web地址应如下所示:
for example I have a webserver running on my machine listening on port 80 so the webaddress would look like this:
http://localhost:80/mypage.html
,我还有一个在本地主机上运行的网络服务器,该服务器用于处理ajax请求,但侦听其他端口.因此mypage.html中的javascript看起来像这样:
and I have another webserver running on localhost which is meant to process the ajax requests but listens on a different port. so the javascript in mypage.html would look like this:
var xmlhttprequest = new XMLHttpRequest();
xmlhttp.open("GET", "http://localhost:1234/?parameters", true);
xmlhttp.send();
这项工作吗?还是会给出安全例外?
would this work? or will it give a security exception as well?
推荐答案
使用其他端口确实算作跨站点脚本.
Using a different port does indeed count as cross-site scripting.
有几种众所周知的拨打电话(您始终可以发送数据)和使用响应(在抗xss约束下通常无法执行的操作)的方法,包括
There are several well-known ways to make a call (you can always send the data) and use the response (which is what you cannot normally do under anti-xss constraints), including JSONP and using an iframe in the page to load the data.
这篇关于XMLHttpRequest跨站点脚本在同一服务器上但在不同端口上的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!