How To Do A JavaScript Cross-Domain POST or GET With jQuery or XMLHttpRequest
2012-05-09 17:30
816 查看
How To Do A JavaScript Cross-Domain POST or GET With jQuery or XMLHttpRequest | Websitez.com
There are additional headers that can be set as well:
16
Sharein ShareIf you have spent any significant amount of time in JavaScript sending data to the server, you have probably come across the strict cross-domain policy that has been in existence since the beginning of AJAX.
There are ways around this such as a proxy script, but they are all kind of a pain. Most people are unaware of the fact that it is possible to create a JavaScript POST cross-domain, and it is fairly easy to do. It is true that not all browsers support this, but you will be pleasantly surprised to know that the following browsers do support it: Internet Explorer 8+, Firefox 3.5+, Safari 4+, and Chrome. Yes, IE8+ does support it. I was surprised too.
So the big question is, how does it work? Cross-domain ajax is achieved through a protocol called Cross-Origin Resource Sharing.
For example, if a script such as http://www.websitez.com/list.js performs a POST request via AJAX to the website http://www.hosting.com/save_listings.php, it would normally fail due to cross-origin policy. However, if in the PHP script “save_listings.php”, you set a special header called “Access-Control-Allow-Origin” with the proper value, the POST will be successful.
In PHP, the proper code for the “save_listings.php” file would be:
header(“Access-Control-Allow-Origin: http://www.websitez.com”);
By setting that header value, it will allow the script located at http://www.websitez.com/list.js to perform POST and GET requests cross-origin to the http://www.hosting.com/save_listings.php script, which is on an entirely different domain.How To Do A JavaScript Cross-Domain POST or GET With jQuery or XMLHttpRequest
Posted by Eric Stolz in How To, jQuerySharein ShareIf you have spent any significant amount of time in JavaScript sending data to the server, you have probably come across the strict cross-domain policy that has been in existence since the beginning of AJAX.
There are ways around this such as a proxy script, but they are all kind of a pain. Most people are unaware of the fact that it is possible to create a JavaScript POST cross-domain, and it is fairly easy to do. It is true that not all browsers support this, but you will be pleasantly surprised to know that the following browsers do support it: Internet Explorer 8+, Firefox 3.5+, Safari 4+, and Chrome. Yes, IE8+ does support it. I was surprised too.
So the big question is, how does it work? Cross-domain ajax is achieved through a protocol called Cross-Origin Resource Sharing.
Cross-Origin Resource Sharing
Cross-Origin Resource Sharing is a W3C Working Draft that defines how the browser and server must communicate when accessing sources across origins. The basic gist is that the client and server use special headers to either deny or accept a cross-origin request.For example, if a script such as http://www.websitez.com/list.js performs a POST request via AJAX to the website http://www.hosting.com/save_listings.php, it would normally fail due to cross-origin policy. However, if in the PHP script “save_listings.php”, you set a special header called “Access-Control-Allow-Origin” with the proper value, the POST will be successful.
In PHP, the proper code for the “save_listings.php” file would be:
header(“Access-Control-Allow-Origin: http://www.websitez.com”);
There are additional headers that can be set as well:
Access-Control-Allow-Origin: http://www.websitez.com Access-Control-Allow-Methods: POST, GET
Access-Control-Allow-Headers: NCZ
Access-Control-Max-Age: 1728000
You can also specify a “*” as the domain to allow any domain to perform a POST or GET to the script in question. Obviously this is a massive security risk and should only be done if you know the exact ramifications of doing so.Access-Control-Allow-Headers: NCZ
Access-Control-Max-Age: 1728000
Access-Control-Allow-Origin: *
For further information, please checkout this great post from NCZOnline detailing the proper way to perform the AJAX call to maximize support across as many browsers as possible as well as further details on the additional headers that you can specify to gain control over who, when, and what can access your script.
相关文章推荐
- ajax - How do I send a cross-domain POST request via JavaScript? - Stack Overflow
- How to get blob data using javascript XmlHttpRequest by sync
- JavaScript: Use a Web Proxy for Cross-Domain XMLHttpRequest Calls
- scala: How to write a simple HTTP GET request client in Scala (with a timeout)
- How do I add an integer value with javascript (jquery) to a value that's returning a string?
- 使用JavaScript的XMLHttpRequest发送POST、GET请求以及接收返回值
- how to use UrlConnection to post/get request with basic authorization?
- jQuery的ajax()检验用户名;通过jQuery的load()/get()/post()方法实现;使用XMLHTTPRequest对象来进行AJAX的异步数据交互
- 使用JavaScript的XMLHttpRequest发送POST、GET请求以及接收返回值
- jquery crossdomain post plugin i changed bit test code suite for my env,due to the windows env is not familiar with github operation,i didn't forked form the original resposeritoy
- JavaScript: Use a Web Proxy for Cross-Domain XMLHttpRequest Calls
- How to send HTTP request GET/POST in Java
- XMLHttpRequest.open();第一个参数post,get有什么不同,什么时候选什么,还有其他的,都有什么区别?
- XMLHttpRequest的亲密接触(2.3)——post&get提交的捕获请求方法
- How to use HttpWebRequest to send POST request to another web server?
- How to use HttpWebRequest to post data to another page which is on another server
- How To Submit Form Data by Using XMLHTTP or ServerXMLHTTP Object
- 原始ajax通过xmlHttpRequest对象的send()方法提交数据--Get方式和Post方式
- afnetworking 3.0 How to POST with headers and HTTP Body
- How do I upload or download XML to/from a database