发表新帖
发表新帖

How to perform cross-site ajax request?

前端 未结
关注
3 926
半阙折子戏
半阙折子戏 2021-01-22 14:42

Browsers don\'t allow cross-site AJAX calls (it\'s a security restriction). Is there any possible solution ?

EDIT

I control only the caller website

相关标签:
3条回答
  • 迷失自我
    2021-01-22 14:48

    Your best solution is to use JSONP calls.

     function jsonp(url, params, callback){
  var script = document.createElement("script");
  script.setAttribute("src", url+'?'+params+'&callback='+callback);
  script.setAttribute("type","text/javascript");
  document.body.appendChild(script);
 }

 function doit(data){
  alert(data);
 }

jsonp('http://domain.com', 'foo=bar', 'doit');

    In the opposite side, the website you're contacting must be able to return a JSONP formatted response in order for this to work.

    0 讨论(0)
  • Happy的楠姐
    2021-01-22 14:51

    There are 2 ways to do this, depending on whether the callee will ship out JSONP or not:

    1. If you can, use JSONP

    JSONP is a way to bypass the cross domain policy by returning a function call, rather than a naked JSON object. The P stands for padding, essentially just the part that calls the function.

    For this to work, the callee needs to return JSONP.

    Regular JSON looks like this:

    {a: 12, b: 15}

    JSONP looks like this:

    callback({a: 12, b: 15});

    When the AJAX request completes, the callback function (which you define in your own code) will be executed and the JSON data passed to it as an object, thus bypassing the cross domain policy.

    2. If JSONP is not supported, mirror the request through your own server

    The second option is to pipe data through your own server. Your JavaScript makes a request from your server, and the server then mirrors that request to the remote server and pings back the result.

    Since the AJAX request is now made to your own server you won't run afoul of the cross domain policy.

    There are two downsides to this approach:

    1. Two requests are now required which will slow the response time a little, though probably not much as server to server communication will probably be via a fat pipe.
    2. Since all requests now originate from your server you may have problems with IP based rate limits. This is the case with Twitter API calls. You may be able to mitigate against this by caching results.
    0 讨论(0)
  • 無奈伤痛
    2021-01-22 14:52

    If you control both parties then there a lot of options. Such as JSONP, or modifying header responses of the remote website. Unfortunately, JSONP only works if the remote website supports it. You can't force a JSONP call to a website that doesn't already support it.

    However, as you have said, you only control the source website. You cannot hack the browser around this restriction for obvious reasons. You do have a third option which is creating a back-end proxy. You can use Apache and mod_rewrite to create a proxy. Here is on how to do this or this link which is more detailed.

    For example

    ProxyPass /api/gtalkbots http://gtalkbots.com/reverse-proxy-data.php  
ProxyPassReverse /api/gtalkbots http://gtalkbots.com/reverse-proxy-data.php

    Creates a proxy at /api/gtalkbots which will returns the repose from gtalkbots.com

    0 讨论(0)
 看不清?
提交回复
热议问题