为什么当我可以从PHP发出请求时,Ajax会给我一个跨源错误? [英] Why does Ajax give me a cross origin error when I can make the request from PHP?
问题描述
我可以从PHP发出GET请求并获得正确的响应。这是我使用的函数:
PHP
函数httpGet($ url)
{
$ ch = curl_init();
curl_setopt($ ch,CURLOPT_URL,$ url);
curl_setopt($ ch,CURLOPT_RETURNTRANSFER,true);
curl_setopt($ ch,CURLOPT_HEADER,false);
$ output = curl_exec($ ch);
curl_close($ ch);
return $ output;
$ / code> 一个简单的例子:
$ fakevalue = 'iamfake';
$ url =http://fakeurl.com?fakeparameter=。$ fakevalue;
$ jsondata = httpGet($ url);
$ fake_array = json_decode($ jsondata,true);
$ weed_var = $ fake_array ['weeds']; //成功获得杂草。
此函数返回来自服务器的响应。
现在我在AJAX中尝试了相同的HTTP GET请求,但我无法获得响应。
最初,我认为问题出在JavaScript函数我用。 Google提供了很多用于执行HTTP GET请求的JavaScript函数,但它们都有相同的问题。请求返回一个错误,而不是我在使用PHP时获得的数据。
JAVASCRIPT
var fakevalue =iamfake;
var fake_data = {
fakeparameter:fakevalue
};
$ .ajax({
url:http://fakeurl.com,
data:fake_data,
类型:GET,
crossDomain:true,
dataType:json,
success:function(a){
$(#getcentre)。html(a);
},
错误:function(){
alert(Failed!);
}
});
JavaScript错误
XMLHttpRequest无法加载http://fakeurl.com?fakeparameter=fakevalue。请求的资源上不存在Access-Control-Allow-Origin标头。因此不允许Origin'http:// localhost'访问。'
我知道你会告诉我使用CORS,但是如果这是因为缺少'Access-Control-Allow-Origin'头文件,那么我如何得到PHP中相同服务的响应?
使用PHP(或其他任何运行在您的服务器或独立应用程序(包括作为浏览器扩展安装的应用程序))中, >您正在使用您的凭据(您的Cookie,您的IP地址,其他所有内容)向Bob的服务器请求数据。使用Ajax,您要求 Alice's 浏览器使用她的凭据向Bob的服务器请求数据,然后将这些数据提供给您的JavaScript然后可以将它发送回您的服务器,以便您可以亲自看到它)。
Bob可能会向Alice发送不同的数据他会给你的。例如:鲍勃可能正在运行爱丽丝的电子银行系统或公司内部网。因此,除非Bob的服务器告诉Alice的浏览器可以使用CORS来提供这些数据,否则浏览器将会阻止你的JavaScript访问这些数据。
CORS有其他选择,但它们涉及使用不是数据格式(JSONP)的文件类型来分发数据(这也需要Bob的服务器进行合作),或让服务器从Bob获取数据,然后通过服务器上的URL(或者像YQL这样的两个组合)将其提供给服务器(这意味着您将获得Bob将给予的数据而不是Bob将给爱丽丝的数据)。
I can make a GET request from PHP and get the correct response. This is the function I use:
PHP
function httpGet($url)
{
$ch = curl_init();
curl_setopt($ch,CURLOPT_URL,$url);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,true);
curl_setopt($ch,CURLOPT_HEADER, false);
$output=curl_exec($ch);
curl_close($ch);
return $output;
}
A simple example:
$fakevalue='iamfake';
$url="http://fakeurl.com?fakeparameter=".$fakevalue;
$jsondata= httpGet($url);
$fake_array = json_decode($jsondata, true);
$weed_var=$fake_array['weeds']; // successfully obtained weed.
This function returns the response from the server.
Now I am trying the same HTTP GET request in AJAX, but I can't get the response.
Initially I thought the problem was with the JavaScript function that I use. Google provided with me lots of JavaScript functions for performing the HTTP GET request but they all had the same problem. The request returns an error instead of the data that I got when I used PHP.
JAVASCRIPT
var fakevalue = "iamfake";
var fake_data = {
fakeparameter: fakevalue
};
$.ajax({
url: "http://fakeurl.com",
data: fake_data,
type: "GET",
crossDomain: true,
dataType: "json",
success: function(a) {
$("#getcentre").html(a);
},
error: function() {
alert("Failed!");
}
});
Error from JavaScript
XMLHttpRequest cannot load http://fakeurl.com?fakeparameter=fakevalue. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost' is therefore not allowed access.`
I know you are going to tell me to use CORS, but if it was because of the absence of 'Access-Control-Allow-Origin' header, then how did I get response for the same service in PHP?
With PHP (or anything else running on your server, or a standalone application (including those installed as a browser extension)), you are requesting data from Bob's server using your credentials (your cookies, your IP address, your everything else).
With Ajax, you are asking Alice's browser to request data from Bob's server using her credentials and then to make that data available to your JavaScript (which can then send it back to your server so you can see it yourself).
Bob might give different data to Alice then he would give to you. For example: Bob might be running Alice's eBanking system or company intranet.
Consequently, unless Bob's server tells Alice's browser that it is OK to make that data available to you (with CORS), the browser will prevent your JavaScript from accessing that data.
There are alternatives to CORS, but they involve either distributing the data using a file type that isn't designed to be a data format (JSONP) (which also requires Bob's server to cooperate) or having your server fetch the data from Bob and then make it available through a URL on your server (or some combination of the two like YQL does) (which means that you get the data Bob will give to you and not the data Bob will give to Alice).
这篇关于为什么当我可以从PHP发出请求时,Ajax会给我一个跨源错误?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
