跨域资源共享和文件：// [英] Cross-Origin resource sharing and file://

问题描述

我写一个HTML5应用程序正在使用JSONP几个不同的来源收集数据。什么我做一个GET完美的作品。我现在想POST数据，我碰到的一个有趣的障碍。我需要从我的应用程序到另一个，在我的应用程序从本地机器上运行的POST数据。我试图写一个跨平台的功能的移动应用（可以考虑脉冲/ Flipboard的），因此code将始终从本地源运行。我的思维过程如下：

I am writing an HTML5 application that is gathering data from a few different sources using JSONP. Anything I'm doing with a GET works perfectly. I'm now trying to POST data, and I've run into an interesting snag. I need to POST data from my application to another, where my application is running from a local machine. I am trying to write a cross-platform capable mobile application (think Pulse/Flipboard), so the code will always be running from a local source. My thought process was as follows:

• 使用JSONP - JSONP不允许张贴，它只是不工作的方式（邮报数据到JSONP ）
• 在依靠CORS - 因为请求是从本地源使用文件来了：// ，产地标头为空。这会导致请求失败（<一href="http://stackoverflow.com/questions/3595515/xmlhtt$p$pquest-error-origin-null-is-not-allowed-by-access-control-allow-origin">XmlHtt$p$pquest错误：产地空不受访问控制 - 允许 - 产地允许）
• 使用另一台服务器反弹关闭的要求 - 这将是昂贵的

• Use JSONP - JSONP does not allow for posting, it just doesn't work that way (Post data to JsonP)
• Rely on CORS - Since the request is coming from a local source using file://, the origin header is null. This causes the request to fail (XmlHttpRequest error: Origin null is not allowed by Access-Control-Allow-Origin)
• Use another server to bounce the request off of - this would be expensive

所有我针对的浏览器是基于WebKit的（新iPad，剧本，Android的），所以我不知道是否有在同源策略code，我可以偷偷通过任何吱吱作响？也许一些使用iframe或postMessage的？

All of the browsers I'm targeting are webkit based (iPad, Playbook, Android), so I'm wondering if there are any creaks in the same origin policy code that I can sneak through? Maybe something using iframe or postMessage?

推荐答案

，因为它会转出去，要做到这一点最简单的方法是张贴到目标URL的iframe内。大多数浏览器的同源策略，您可以从一个域​​执行HTTP POST到其他不相关的领域。我解决了这个问题，通过增加一个iframe到我的网页，最初设置为本地引导页。由于该网页是从同一个域中加载，我能够通过脚本来控制它。我用张贴的形式来我的目标网站，而接受调查的结果，以确定我的电话是成功的。这不是优雅，但它的工作原理。

As it would turn out, the easiest way to do this is to post to the target url inside of an iframe. Same origin policy on most browsers allows you to perform an HTTP POST from one domain to another unrelated domain. I solved the problem by adding an iframe to my page, initially set to a local bootstrapping page. Since that page was loaded from the same domain, I am able to control it via script. I used that to post the form to my target site, and polled the results to determine if my call was successful. It's not elegant, but it works.

这篇关于跨域资源共享和文件：//的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！