XMLHtt prequest同一台服务器,但不同的充端口上的跨站点脚本 [英] XMLHttpRequest cross site scripting on same server but differnt port
问题描述
使用XMLHtt prequest它是不可能打开上不同的域,其中在网页本身托管到文档的连接。
using XMLHttpRequest it is not possible to open a connection to a document on a different domain than where the page itself is hosted.
但对于不同的端口?
例如,我有我的机器上运行Web服务器侦听端口80因此webaddress是这样的:
for example i have a webserver running on my machine listening on port 80 so the webaddress would look like this:
http://localhost:80/mypage.html
和我有在本地主机上这是为了处理Ajax请求,但听在不同的端口上运行的另一个网站服务器。所以在的mypage.html的JavaScript是这样的:
and i have another webserver running on localhost which is meant to process the ajax requests but listens on a different port. so the javascript in mypage.html would look like this:
var xmlhttprequest = new XMLHttpRequest();
xmlhttp.open("GET", "http://localhost:1234/?parameters", true);
xmlhttp.send();
将这项工作?还是会给出一个安全异常呢?
would this work? or will it give a security exception as well?
推荐答案
使用不同的端口确实算是跨站点脚本。
Using a different port does indeed count as cross-site scripting.
有几个著名的方式来拨打电话(你可以随时发送数据),并使用反应(这是你能不能正常的防XSS限制做),其中的JSONP 并使用iframe页面加载数据。
There are several well-known ways to make a call (you can always send the data) and use the response (which is what you cannot normally do under anti-xss constraints), including JSONP and using an iframe in the page to load the data.
这篇关于XMLHtt prequest同一台服务器,但不同的充端口上的跨站点脚本的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!