Github API和Access-Control-Allow-Origin [英] Github API and Access-Control-Allow-Origin
问题描述
这可能是一个简单的(系列)问题,但我不能绕过它。
this probably is a simple (series of) question(s) but I can't wrap my head around it.
我试图访问github api从我的网站托管的网络应用程序。这是一个简单的代码:
I'm trying to access the github api from a web app hosted on my site. This is the code in a nutshell:
<!DOCTYPE html>
<html>
<head>
<style>p { color:red; }</style>
<script src="http://code.jquery.com/jquery-latest.js"></script>
<script>
$(document).ready(function () {
$.ajax( {url :'https://api.github.com/repos/janesconference/kievIIPlugins/commits', dataType: "json", cache: false, success: function (data, textStatus, jqXHR)
{
var lastCommitSha = data[0].sha;
$("p").text("Last commit SHA: " + lastCommitSha);
}
});
});
</script>
</head>
<body>
<p>Ajax request not (yet) executed.</p>
</body>
</html>
如果我将浏览器指向此简单页面上传的我的Dropbox帐户一切正常。
如果,而是,我指向我的浏览器到这个简单的页面上传在我的网站,我得到臭名昭着的 Access-Control-Allow-Origin
异常:
If I point my browser to this simple page uploaded on my dropbox account everything is ok.
If, instead, I point my browser to this simple page uploaded on my site, I get the infamous Access-Control-Allow-Origin
exception:
XMLHttpRequest cannot load https://api.github.com/repos/janesconference/kievIIPlugins/commits?_=1360060011783. Origin http://bitterspring.net is not allowed by Access-Control-Allow-Origin.
所以,问题:
- 为什么在Dropbox上工作?
- 我明白,使用CORS它甚至可以在网站上工作。这是一个问题在我的Apache配置或类似的东西放置
Access-Control-Allow-Origin:* .github.com
但是,如引用en.wiki,
- Why does it work on Dropbox?
- I understand that with CORS it would work even on the website. This is a matter of putting
Access-Control-Allow-Origin: *.github.com
on my Apache configuration or something like that. But, as quoted from en.wiki,
但是,这可能不适用于以下情况:安全是一个关注
However, this might not be appropriate for situations in which security is a concern
- 有没有办法不更改Apache配置?可能,我不能接触我的托管网站的Apache conf,并且总是有安全问题。正确的方法是什么?
- 名称: http://example.com
- 网址: http://example.com
- 回呼网址: http:/ /example.com
- Name: http://example.com
- URL: http://example.com
- Callback URL: http://example.com
推荐答案
网站(例如 http://example.com ),您必须通过在此处创建GitHub OAuth应用来启用它:https://github.com/settings/applications
In order to get CORS working for your site (e.g. http://example.com), you have to enable it by creating a GitHub OAuth application here: https://github.com/settings/applications
由于您使用的是GitHub应用程式CORS(不能用于启用OAuth本身),您只需在创建申请表单的所有三个字段中输入您网站的网址:
Since you are using a GitHub applications to get CORS to work (not using it for enabling OAuth itself), you can just enter your site's URL in all three fields in the "Create Application form":
请注意,如果您打算使用OAuth功能,则需要以不同的方式设置回调URL。
Note that if you intend to use OAuth functionality, you need to setup Callback URL differently.
之后,您应该能够从您的网站 http://发送AJAX请求到GitHub API example.com 。
After this, you should be able to send AJAX requests to GitHub APIs from your site http://example.com.
这篇关于Github API和Access-Control-Allow-Origin的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!