Bypassing the AJAX Same-Origin Policy - A particular case


Problem description

While I was trying to refresh page contents dynamically using Ajax/JQuery, I have learned about the S-O-P issue and restrictions; however, I was wondering if there could be a way to solve my little problem.

To make it easier to understand I will first explain the workflow.

I do receive web pages via email, that is, HTML emails. The web pages contain HTML forms in such a way that, once the form is complete, it is sent to the proper web server (php) to store data.

I mostly use Outlook 2007 as my email client (don't say anything here, I know!!!), but due to some security restrictions, IFRAMES are disabled when "opening" the email. I have circumvented this problem using a VBA script that copies the whole page content, saves it on the filesystem as a stand-alone web page and loads it into the browser (Firefox).

Once the page is loaded into the browser, the address bar shows a local/filesystem URL, such as

file:///C:/Users/Bob/Desktop/outlookpage.htm

Till here no problem, works fine; now the problem:

I wished to dynamically update page contents using Ajax, using jQuery.load; however, that's where the S-O-P comes in. The PHP page being loaded to dynamically update the web page is seen as running on another domain, thus being blocked.

I was wondering how to circumvent this.

Recommended answer

That's not going to work because in order to bypass the same origin policy, you would need to use a proxy on the same domain, which will then communicate to the page that's handling the data on a different domain. There's no way to generate a proxy script on another user's computer (or at least, there SHOULDN'T BE A WAY). I would either just post the form normally, which will open the user's default browser, or provide a link to an online form in the email. The link should be provided anyway, in case their email client doesn't support HTML email.
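
Why the saved page's request counts as cross-origin, as an added example that is not part of the original question or answer: it compares origins with the standard URL API. The server URL forms.example.com is a constructed placeholder, and treating an opaque origin as matching nothing is a conservative assumption, since browsers differ in how they handle file: URLs.

```javascript
// Added example, not from the original post. Uses the standard WHATWG URL API,
// available as a global in browsers and in Node.js.

// The saved e-mail page from the question, and a constructed placeholder server URL.
const SAVED_PAGE = "file:///C:/Users/Bob/Desktop/outlookpage.htm";
const FORM_SERVER = "http://forms.example.com/update.php"; // assumption

// Serialized origin of a URL; opaque origins such as file: serialize as "null".
function originOf(url) {
  return new URL(url).origin;
}

// Compare scheme, host and port the way the same-origin policy does.
function checkSameOrigin(pageUrl, targetUrl) {
  const page = new URL(pageUrl);
  const target = new URL(targetUrl);
  // Assumption: an opaque origin matches nothing, not even another file: URL.
  if (page.origin === "null" || target.origin === "null") {
    return { sameOrigin: false, reason: "opaque origin" };
  }
  if (page.protocol !== target.protocol) {
    return { sameOrigin: false, reason: "scheme differs" };
  }
  if (page.hostname !== target.hostname) {
    return { sameOrigin: false, reason: "host differs" };
  }
  // URL drops default ports, so :80 on http compares equal to no port.
  if (page.port !== target.port) {
    return { sameOrigin: false, reason: "port differs" };
  }
  return { sameOrigin: true, reason: "scheme, host and port match" };
}

// Constructed cases: the question's setup first, then same-host variations.
const cases = [
  [SAVED_PAGE, FORM_SERVER],
  ["http://forms.example.com/form.htm", "http://forms.example.com:80/update.php"],
  ["http://forms.example.com/form.htm", "https://forms.example.com/update.php"],
  ["http://forms.example.com/form.htm", "http://forms.example.com:8080/update.php"],
];
for (const [page, target] of cases) {
  const { sameOrigin, reason } = checkSameOrigin(page, target);
  console.log(`${originOf(page)} -> ${originOf(target)}: ${sameOrigin} (${reason})`);
}
```

The first case is the one in the question: the page opened from the filesystem has no origin the PHP server's origin could match, which is why the answer points to a normal form post or a link to an online form instead.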
