Bypassing the AJAX Same-Origin Policy - A particular case
Problem description
While I was trying to refresh page contents dynamically using Ajax/JQuery, I have learned about the S-O-P issue and restrictions, however I was wondering if there could be a way to solve my little problem.
To make it easier to understand I will first explain the workflow.
I do receive web pages via email, that is, HTML emails. The web pages contain HTML forms in such a way that, once the form is complete, it is sent to the proper web server (PHP) to store data.
I mostly use Outlook 2007 as my email client (don't say anything here, I know!!!), but due to some security restrictions, IFRAMEs are disabled when "opening" the email. I have circumvented this problem using a VBA script that copies the whole page content, saves it on the filesystem as a stand-alone web page and loads it into the browser (Firefox).
Once the page is loaded into the browser, the address bar shows a local/filesystem URL, such as
file:///C:/Users/Bob/Desktop/outlookpage.htm
Till here no problem, works fine; now the problem:
I wished to dynamically update page contents using Ajax, using jQuery.load, however that's where the S-O-P comes in. The PHP page being loaded to dynamically update the web page is seen as running on another domain, thus being blocked.
I was wondering how to circumvent this.
Recommended answer
That's not going to work because in order to bypass the same origin policy, you would need to use a proxy on the same domain, which will then communicate to the page that's handling the data on a different domain. There's no way to generate a proxy script on another user's computer (or at least, there SHOULDN'T BE A WAY). I would either just post the form normally, which will open the user's default browser, or provide a link to an online form in the email. The link should be provided anyway, in case their email client doesn't support HTML email.
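Why the browser treats the request from the saved page as cross-origin, shown as an added example that is not part of the original question or answer. It is a simplified model of the scheme/host/port comparison; the server URLs on `example.com` are hypothetical placeholders, since the post does not name the real host.

```javascript
// Added illustration: a simplified model of the same-origin comparison that
// gates XMLHttpRequest / jQuery.load. Runs in Node or a browser console.

const DEFAULT_PORTS = { 'http:': '80', 'https:': '443' };

// Page URL taken from the question; server URLs are hypothetical placeholders.
const SAVED_PAGE = 'file:///C:/Users/Bob/Desktop/outlookpage.htm';
const PHP_ENDPOINT = 'http://example.com/update.php';
const HOSTED_FORM = 'http://example.com:80/form.htm';

// Return the (scheme, host, port) tuple, or null when the URL has no tuple
// origin. file: pages are modelled as opaque here: browsers differ on
// file-to-file access, but a file: page never matches an http(s) server.
function originOf(urlString) {
  const u = new URL(urlString);
  if (!(u.protocol in DEFAULT_PORTS)) {
    return null;
  }
  return {
    scheme: u.protocol,
    host: u.hostname,
    // The URL parser drops default ports, so restore them for comparison.
    port: u.port || DEFAULT_PORTS[u.protocol],
  };
}

// Same origin only if both sides have a tuple and all three parts match.
function isSameOrigin(pageUrl, targetUrl) {
  const a = originOf(pageUrl);
  const b = originOf(targetUrl);
  if (a === null || b === null) {
    return false;
  }
  return a.scheme === b.scheme && a.host === b.host && a.port === b.port;
}

// The saved e-mail page versus the PHP script: cross-origin, so blocked.
console.log('saved page -> PHP:', isSameOrigin(SAVED_PAGE, PHP_ENDPOINT));
// A form served by the same host as the PHP script: same origin.
console.log('hosted form -> PHP:', isSameOrigin(HOSTED_FORM, PHP_ENDPOINT));
```

This is why the answer's suggestion of linking to an online form works: a form served from the same host as the PHP script passes the check, while the copy saved to disk never can.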