WCF REST与jQuery AJAX - 删除/工作围绕相同的源策略 [英] WCF REST with jQuery AJAX - removing/working around same origin policy
问题描述
所以我试图创建一个由jQuery调用的C#WCF REST服务。我发现jQuery要求AJAX调用是在相同的源策略下进行的。
So I'm trying to create a C# WCF REST service that is called by jQuery. I've discovered that jQuery requires that AJAX calls are made under the same origin policy. I have a few questions for how I might proceed.
我已经知道;
1. JSONP与服务器回调的hacky解决方案
2.使用跨域代理的服务器开销太大。
3.在浏览器中使用Flash进行调用并在我的WCF中设置crossdomain.xml服务器根。
I am already aware of;
1. The hacky solution of JSONP with a server callback
2. The way too much server overhead of having a cross-domain proxy.
3. Using Flash in the browser to make the call and setting up crossdomain.xml at my WCF server root.
我宁愿不使用这些因为;
1.我不想使用JSON,或至少我不希望被限制使用它
2.我想将服务静态页面的服务器与服务应用程序状态的服务器分开。
3.这一天的Flash
I'd rather not use these because;
1. I don't want to use JSON, or at least I don't want to be restricted to using it
2. I would like to separate the server that serves static pages from the one that serves application state.
3. Flash in this day and age is out of the question.
我在想什么:有什么像Flash的crossdomain.xml文件,适用于jQuery吗?这个同源政策是jQuery的一部分还是它是在特定浏览器的限制?如果它只是jQuery的一部分,也许我会尝试挖掘代码来解决它。
What I'm thinking: is there anything like Flash's crossdomain.xml file that works for jQuery? Is this "same-origin" policy a part of jQuery or is it a restriction in specific browsers? If it's just a part of jQuery, maybe I'll try digging in the code to work around it.
修改:
Shreddd有很多地方,见下文。为了做到这一点在C#我创建了以下方法,所有的服务方法需要调用:
Shreddd got it pretty much spot on, see below. To do this in C# I created the following method, which all of your service methods need to call:
private void BypassCrossDomain()
{
WebOperationContext.Current.OutgoingResponse.Headers.Add("Access-Control-Allow-Origin", "*");
}
重要的是要注意,这允许跨站点脚本攻击,也不能使用*当你需要发送第三方cookie与您的请求。
It is important to note that this allows cross-site scripting attacks, and you also cannot use "*" when you need to send 3rd party cookies with your request.
推荐答案
您还可以考虑分派一个额外的http标头,以启用跨网域请求您的网络服务。
You could also consider spitting out an additional http header that will enable cross-domain requests on your web service.
这里描述:
< a href =https://developer.mozilla.org/en/HTTP_access_control =nofollow noreferrer> https://developer.mozilla.org/en/HTTP_access_control
因此,如果您向您的Web服务提供的任何内容添加以下标题:
So if you add the following header to any content that your web-service delivers:
Access-Control-Allow-Origin: *
浏览器将允许跨网域请求到该网络服务。这在大多数现代浏览器(ff 3.5,IE 8,safari 4)支持,似乎工作非常好的jquery应用程序托管在域foo.com,使ajax调用bar.com
the browser will allow cross-domain requests to that web service. This is supported in most modern browsers (ff 3.5, IE 8, safari 4) and seems to work very nicely for jquery applications hosted at domain foo.com that make ajax calls to bar.com
这篇关于WCF REST与jQuery AJAX - 删除/工作围绕相同的源策略的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
