cross-origin header in IE8/IE9

孤街浪徒 提交于 2019-12-03 11:17:34

问题


Since jQuery ajax ist not working for CORS/IE, I'm using XDomainRequest to retreive data from another Server. Work's fine, but I would like to send some header ('Authentification', 'content-type').

Is there a chance to add/change header in XDomainRequest?

Or does someone know a workaround?


回答1:


This is what we did for IE.

If you have control over the target domain, host a (static) html file there. Include the html using the iframe.

Now this iframe does actually have access to the local domain, so you can communicate between the parent and child frame to get what you need.

This worked much better than XDomainRequest for us.

window.postMessage is the best way to setup the communication:

But I'm pretty sure that only started working since IE8. If you require older browsers as well, you must use a different hack.

In our case, this was our 3-layer system:

  1. CORS, for browsers that support it
  2. An iframe & window.postMessage as a primary fallback
  3. A server-side proxy script as the secondary fallback

All of these options work well, are reliable and didn't feel too much like a hack. The secondary fallback was barely ever used.

Keep in mind that the 'Authentication' header specifically is special, and I would not be shocked that that's blocked under certain circumstances anyway. We added a custom header 'X-Authenticate' as it did pass through all the time.




回答2:


IE's XDomainRequest does not allow custom headers to be set. See item #3 here: http://blogs.msdn.com/b/ieinternals/archive/2010/05/13/xdomainrequest-restrictions-limitations-and-workarounds.aspx The XDomainRequest object is locked down to the point where it is difficult to make authenticated requests.



来源:https://stackoverflow.com/questions/9652364/cross-origin-header-in-ie8-ie9

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!