跨源头在IE8 / IE9 [英] cross-origin header in IE8/IE9
问题描述
由于jQuery ajax ist不工作的CORS / IE,我使用 XDomainRequest 从另一个服务器检索数据。工作很好,但我想发送一些头('Authentification','content-type')。
Since jQuery ajax ist not working for CORS/IE, I'm using XDomainRequest to retreive data from another Server. Work's fine, but I would like to send some header ('Authentification', 'content-type').
有可能在XDomainRequest中添加/
Is there a chance to add/change header in XDomainRequest?
还是有人知道解决方法?
Or does someone know a workaround?
推荐答案
我们为IE做了。
如果你可以控制目标域,托管一个(静态)html文件。使用iframe包含html。
If you have control over the target domain, host a (static) html file there. Include the html using the iframe.
现在这个iframe确实可以访问本地域,所以你可以在父框架和子框架之间进行通信,以获得你需要的。
Now this iframe does actually have access to the local domain, so you can communicate between the parent and child frame to get what you need.
这比我们的XDomainRequest效果更好。
This worked much better than XDomainRequest for us.
window.postMessage 是设置通讯的最佳方式:
window.postMessage is the best way to setup the communication:
但我很确定,只有从IE8开始工作。
But I'm pretty sure that only started working since IE8. If you require older browsers as well, you must use a different hack.
在我们的例子中,这是我们的3层系统:
In our case, this was our 3-layer system:
- CORS,支持它的浏览器
- iframe& window.postMessage作为主要后备
- 作为辅助后备的服务器端代理脚本
所有这些选项工作得很好,是可靠的,没有感觉太多像一个黑客。
All of these options work well, are reliable and didn't feel too much like a hack. The secondary fallback was barely ever used.
请记住,身份验证标题是特别的,我不会感到震惊,在某些情况下被阻止。我们添加了一个自定义头X-Authenticate,因为它通过了所有的时间。
Keep in mind that the 'Authentication' header specifically is special, and I would not be shocked that that's blocked under certain circumstances anyway. We added a custom header 'X-Authenticate' as it did pass through all the time.
这篇关于跨源头在IE8 / IE9的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
