Javascript:XMLHttpRequest问题与跨源资源共享 [英] Javascript: XMLHttpRequest problem with Cross-Origin Resource Sharing
本文介绍了Javascript:XMLHttpRequest问题与跨源资源共享的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我向Google Places API发送JSON请求时使用:
I'm making a JSON request to the Google Places API with:
function load(){
var req = new XMLHttpRequest();
req.open('GET', 'https://maps.googleapis.com/maps/api/place/details/json?reference=CnRhAAAARMUGgu2CeASdhvnbS40Y5y5wwMIqXKfL-n90TSsPvtkdYinuMQfA2gZTjFGuQ85AMx8HTV7axABS7XQgFKyzudGd7JgAeY0iFAUsG5Up64R5LviFkKMMAc2yhrZ1lTh9GqcYCOhfk2b7k8RPGAaPxBIQDRhqoKjsWjPJhSb_6u2tIxoUsGJsEjYhdRiKIo6eow2CQFw5W58&sensor=true&key=xxxxxxxxxxxxx', false);
req.send(null);
if(req.status == 200){
dump(req.responseText);
}
}
但Chrome正在返回错误:
But Chrome is returning the error:
XMLHttpRequest cannot load https://maps.googleapis.com/maps/api/place/details/json?reference=CnRhAAAARMUGgu2CeASdhvnbS40Y5y5wwMIqXKfL-n90TSsPvtkdYinuMQfA2gZTjFGuQ85AMx8HTV7axABS7XQgFKyzudGd7JgAeY0iFAUsG5Up64R5LviFkKMMAc2yhrZ1lTh9GqcYCOhfk2b7k8RPGAaPxBIQDRhqoKjsWjPJhSb_6u2tIxoUsGJsEjYhdRiKIo6eow2CQFw5W58&sensor=true&key=xxxxxxxxxxxxxx.
Origin http://sandrayoon.com is not allowed by Access-Control-Allow-Origin.
有没有办法防止或规避跨源资源共享?我不太熟悉此安全问题。
Is there a way to prevent or circumvent cross-origin resource sharing? I am not very familiar with this security issue.
推荐答案
服务器应该使用Access-Control-Allow-Origin命令让浏览器将此响应传递给javascript。您也可以设置*以允许任何跨域请求。
Server should response with "Access-Control-Allow-Origin" header in order to let the browser to pass this response to javascript. You can also set "*" to allow any cross-domain requests.
这是一个很好的介绍主题。
Here is a good intro to the subject.
这篇关于Javascript:XMLHttpRequest问题与跨源资源共享的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文