

我正在使用jQuery和 jQuery表单插件

I am using jQuery and jQuery form plugin

jQuery表单插件ajaxSubmit中有一个方法.您传递一个表单,然后它通过ajax提交表单,然后您会得到响应.我想知道这是怎么可能的,因为表单位于与网页不同的服务器上. (不同的域).它似乎可以正常工作,并且我得到了可以处理的响应.如何运作?

There is a method in jQuery form plugin ajaxSubmit. You pass a form and then it submits it via ajax and you get a response. I am wondering how this is possible since the form is on a different server than the web page. (Different domains). It appears to work and I get back a response that I can process. How does this work?

域表单托管于( http://example.com )


form url:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
<html xmlns="http://www.w3.org/1999/xhtml">

    <title>PHP Point Of Sale</title>
    <script src="<?php echo base_url('/assets/js/jquery.js'.'?'.APPLICATION_VERSION); ?>"></script>
    <script src="<?php echo base_url('js/jquery.form.js'.'?'.APPLICATION_VERSION); ?>"></script>


    <form id="formCheckout" method="post" action="<?php echo $form_url; ?>">
        <?php foreach($post_data as $key=>$value) { ?>
            <?php echo form_hidden($key, $value);?>
                <?php } ?>

            success: function(response) {



如果服务器的响应标头为'Access-Control-Allow-Origin': '*'或类似内容,它将返回响应.

If the server has a response header of 'Access-Control-Allow-Origin': '*' or something similar, it will return a response.



In the case above, * is a wildcard representing all origins. But it could also specify a list of origins.


Keep in mind, even in CORS requests, you can always send a request to the server, and the server will always receive it. It will only return a response though if it wants to (in this case, with the access control header, it will.)

如果服务器没有该标头,那么您将在控制台中看到常见错误,提示XMLHTTPRequest could not complete because the server does not allow cross-origin communication或它所说的任何内容.

If the server didn't have that header, then you'll get the common error in the console saying that XMLHTTPRequest could not complete because the server does not allow cross-origin communication or whatever the heck it says.


It depends on the architecture the server is using, but if it's a Node.js server using Express (for example), you'd see something like this is the server.js file or wherever:

app.use(function(req, res) { res.header('Access-Control-Allow-Origin', '*') });


The approach would be vastly different on different sever architectures (like Apache), but the header is standardized as part of HTTP, so that part stays the same.

