瀏覽器攔截跨域請求處理方法(firebug報錯,同源策略不允許讀取XXX上的遠程資源)


1. 如果可以使用get請求的話,可以使用jsonp。十分簡單的方法。


2. 如果要使用post請求域名不相同的資源的話,可以用cors跨域。

以下兩項缺一不可:

      1) 在被請求的項目根目錄(root下)下放以下文件

      crossdomain.xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "./cross-domain-policy.dtd">
<cross-domain-policy> <site-control permitted-cross-domain-policies="all" />
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>
     cross-domain-policy.dtd
<?xml version="1.0" encoding="ISO-8859-1"?>
<!-- Adobe DTD for cross-domain policy files -->
<!-- Copyright (c) 2008-2009, Adobe Systems Inc. -->

<!ELEMENT cross-domain-policy (site-control?,allow-access-from*,allow-http-request-headers-from*,allow-access-from-identity*)>

<!ELEMENT site-control EMPTY>
<!ATTLIST site-control permitted-cross-domain-policies (all|by-content-type|by-ftp-filename|master-only|none) #REQUIRED>

<!ELEMENT allow-access-from EMPTY>
<!ATTLIST allow-access-from domain CDATA #REQUIRED>
<!ATTLIST allow-access-from to-ports CDATA #IMPLIED>
<!ATTLIST allow-access-from secure (true|false) "true">

<!ELEMENT allow-http-request-headers-from EMPTY>
<!ATTLIST allow-http-request-headers-from domain CDATA #REQUIRED>
<!ATTLIST allow-http-request-headers-from headers CDATA #REQUIRED>
<!ATTLIST allow-http-request-headers-from secure (true|false) "true">

<!ELEMENT allow-access-from-identity (signatory)>

<!ELEMENT signatory (certificate)>

<!ELEMENT certificate EMPTY>
<!ATTLIST certificate fingerprint CDATA #REQUIRED>
<!ATTLIST certificate fingerprint-algorithm CDATA #REQUIRED>

<!-- End of file. -->

       測試從http://domain:port/crossdomain.xml可訪問到這兩個xml。

     2.)被請求的目標在返回時需加Responseheader   Access-Control-Allow-Origin

        response.setHeader("Access-Control-Allow-Origin", "*");

       后面的*可以是請求方的域名。


再次嘗試,firebug控制台不會報錯了~


注意!

本站转载的文章为个人学习借鉴使用,本站对版权不负任何法律责任。如果侵犯了您的隐私权益,请联系我们删除。



 
粤ICP备14056181号  © 2014-2021 ITdaan.com