从内部js文件跨域Ajax请求 [英] Cross domain Ajax request from within js file

问题描述

下面的问题：

1）。我们在这里有网页... www.blah.com/mypage.html

1.) We have page here... www.blah.com/mypage.html

2。）该页面请求的js文件www.foo.com这样的...

2.) That page requests a js file www.foo.com like this...

<script type="text/javascript" src="http://www.foo.com/jsfile.js" />

3。）jsfile.js使用原型制作一个Ajax请求到www.foo.com。

3.) "jsfile.js" uses Prototype to make an Ajax request back to www.foo.com.

4）Ajax请求调用www.foo.com/blah.html。回调函数获取HTML响应，投到一个div。

4.) The ajax request calls www.foo.com/blah.html. The callback function gets the html response and throws it into a div.

这似乎并没有工作，虽然，我想这就是XSS。这是否正确？

This doesn't seem to work though, I guess it is XSS. Is that correct?

如果是这样，我怎么能解决这个问题？是否有任何其他方式来获得www.foo.com我的HTML www.blah.com在客户端上无需使用iframe？

If so, how can I solve this problem? Is there any other way to get my html from www.foo.com to www.blah.com on the client without using an iframe?

推荐答案

这是XSS，它是被禁止的。你真的应该这样做事情的方式。

It is XSS and it is forbidden. You should really not do things that way.

如果你真的需要，让你的AJAX code拨打当地code（PHP，ASP，等等）上blah.com并使其行为类似于客户端，并获取任何你从foo.com需要和返回回客户端。如果你使用PHP，你可以做到这一点用的fopen（'www.foo.com/blah.html'，'R'），然后阅读的内容，就好像它是一个普通的文件。

If you really need to, make your AJAX code call the local code (PHP, ASP, whatever) on blah.com and make it behave like client and fetch whatever you need from foo.com and return that back to the client. If you use PHP, you can do this with fopen('www.foo.com/blah.html', 'r') and then reading the contents as if it was a regular file.

当然，allow_remote_url_fopen（或任何它被称为完全一致）都需要在你的php.ini被激活。

Of course, allow_remote_url_fopen (or whatever it is called exactly) needs to be enabled in your php.ini.

这篇关于从内部js文件跨域Ajax请求的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！