JavaScript跨域调用:从HTTP调用到HTTPS [英] JavaScript cross-domain call: call from HTTP to HTTPS

问题描述

我需要对同一个域的安全 (HTTPS) URL 进行异步调用.

I need to make an asynchronous call to a secure (HTTPS) URL for the same domain.

当前页面正在使用常规 HTTP(非安全).

Currently the page is working with regular HTTP (non-secure).

换句话说:这是调用同一域中但使用 HTTPS 的 URL.

In other words: this is calling an URL in the same domain but using HTTPS.

在将此调用切换到 HTTPS 之前，我结束了实现服务器端代理以允许跨域 AJAX 调用，但现在我面临着同源策略，因为 HTTP 和 HTTPS 也被认为是不同的源.所以这个代理无法使用.

Before switching this calls to HTTPS I ended implementing a server-side proxy to allow cross-domain AJAX calls, but now I'm facing same origin policy since HTTP and HTTPS are considered different origins too. So this proxy is unusable.

总结:这种场景下如何做跨域、异步的POST请求?

各种注释:

• 我无法接受任何建议使用 JSONP 的答案.异步调用必须使用 POST 动词.
• 我使用的是最新版本的 jQuery.答案可能基于此库，或任何其他解决此问题的方法.
• 通过 HTTPS 访问整个页面不是解决方案.
• 服务器平台为 Microsoft .NET 4.0 (ASP.NET 4.0).
• UDPATE:CORS 不是一个选项.现代浏览器对此没有广泛支持.

• I couldn't accept any answer suggesting JSONP. Asynchronous calls must be using POST verb.
• I'm using latest version of jQuery. Answer could be based on this library, or any other solving this problem.
• Accessing the entire page over HTTPS isn't a solution.
• Server platform is Microsoft .NET 4.0 (ASP.NET 4.0).
• UDPATE: CORS isn't an option. There's no wide support for this in modern browsers.

推荐答案

首先，我对@missingo 和@PiTheNumber 提出的两个问题都进行了 +1.

First of all, I've +1 both questions from @missingo and @PiTheNumber.

在花费了大量时间后，我得出结论，我要将整个页面切换到 HTTPS.那是因为:

After spending a lot of hours, I've arrived to the conclusion I'm going to switch the entire page to HTTPS. That's because:

• 大多数现代浏览器都支持 CORS，但是 Internet Explorer，从第 8 版开始有一个专有实现(XDomainRequest 对象)，可能在某些计算机中被禁用(我的在 Internet 安全区域默认禁用跨域请求).

• Most moderns browsers support CORS, but Internet Explorer, starting from 8th version has a proprietary implementation (XDomainRequest object), which may be disabled in some computers (mine had cross-domain request disabled by default in Internet security zone).

• Opera 不支持 CORS.第 12 个版本会支持它，但这不是一个选项，因为用户应该首先采用这个新版本，这不会在 2 天内.

• Opera doesn't support CORS. 12th version will support it, but this isn't an option as users should adopt this new version first, and this won't be in 2 days.

我需要进行跨域请求，因为 Web 客户端应用程序必须请求位于另一个域中的 RESTful 服务层.没办法.

I need to do cross-domain requests since Web client application must request a RESTful service layer located in another domain. No way.

将所有内容都切换到 HTTPS 会使服务层代理方法再次起作用(这是预期的行为).

Switching everything to HTTPS makes the service layer proxy approach work again (this is the expected behavior).

无论如何，谢谢，因为这两个答案对我得出这个结论有很大帮助.

Thanks anyway because both answer have helped me a lot for arriving to this conclusion.

@Sam 添加了任何人都可能感兴趣的评论.这是关于如何在 Internet Explorer 8 和 9 中获取 CORS(参见 #7):http://blogs.msdn.com/b/ieinternals/archive/2010/05/13/xdomainrequest-restrictions-limitations-and-workarounds.aspx

@Sam has added a comment that could be interesting for anyone. It's about how to get CORS in Internet Explorer 8 and 9 (see #7): http://blogs.msdn.com/b/ieinternals/archive/2010/05/13/xdomainrequest-restrictions-limitations-and-workarounds.aspx

这篇关于JavaScript跨域调用:从HTTP调用到HTTPS的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！