本地主机 :: 跨域 ajax
有没有办法告诉你的本地主机它可以进行跨域ajax调用?
Is there any way to tell your localhost that it can do cross domain ajax calls?
我需要这个来进行测试.
I need this for my testing.
如果是浏览器特定问题,我使用的是谷歌浏览器.
If it is a browser specific issue i am using google chrome.
干杯.
推荐答案
不,绝对不可能.如果它可以被用户禁用,那么它将成为任何有恶意或可疑意图的人的主要目标,并且与任何其他软件一样容易被利用.制作安全软件已经够难的了,而不是画出更有吸引力的目标.
No, it's absolutely not possible. If it could be disabled by the user then it would be the main target for anyone with nefarious or dubious intent, and as prone as any other software to exploitation. It's difficult enough making secure software, without painting on even more attractive targets.
实现跨域 Ajax 的唯一方法是通过服务器端脚本路由请求.
The only way to implement cross-domain Ajax is to route requests via a server-side script.
值得一提的是,也许你有一线希望:使用 HTML 5 postMessage 的跨窗口消息传递
It's worth mentioning that there is, perhaps, a glimmer of hope for you: in the form of cross-window messaging with HTML 5 postMessage
阅读一些相关(尽管我不确定它们是否重复)问题可能值得您阅读:
It's probably worth your having a read of some related (though I'm not sure they're duplicate) questions:
- 为什么跨域 Ajax 是一个安全问题?
- Firefox 跨域请求
已编辑以回应评论:
所以你的意思是有一个脚本来获取参数,将它们添加到请求中,发送出去,然后回显响应对象?
So you mean have a script that takes the params, adds them to the request, sends it out, and then echos out the response object?
基本上是的.图片格式:
Essentially yes. In picture format:
client |--------------> | server side |-----------------------> | remote domain
browser | <----ajax------| script | <------------------------|--/
编辑补充说,现在可以使用跨域资源共享 (CORS);其中来自一个域的脚本发送一个 Origin HTTP 标头,说明页面的 URL,并且服务器可以响应(如果配置为这样做)错误(如果 CORS 被禁用或不受支持)或任何请求的数据.
Edited to add that this is now sort of possible, using Cross-Origin Resource Sharing (CORS); in which a script from one domain sends an Origin HTTP header stating the URL of the page, and the server can respond (if configured to do so) with either an error (if CORS is disabled, or unsupported) or with any requested data.
参考资料:
- CORS 兼容性.
- 跨域资源共享,在 W3.org.
- 启用跨域资源共享.
相关文章