问题描述
时有可能使AJAX的呼叫从本地的HTML / JS文件(例如,使用jQuery.ajax())(例如文件://home/a.html)到远程服务器(如的)?如果是,如何使这些XSS(例如,在FF3)?
Is it possible to make AJAX-calls (e.g. using jQuery.ajax() ) from local html/js file (e.g. file://home/a.html) to the remote server (e.g. http://domain:8080/api)? If yes, how to enable such XSS (e.g. in FF3)?
我想这是一些浏览器的安全设置,但无法找到哪些。
I suppose it's some browser's security settings, but can't find which ones.
和假设有没有任何服务器端更改答案(如JSONP)。
And suppose there is an answer without any server-side changes (such as JSONP).
感谢。
code片断:
function foo(){
$.ajax({
type: "POST",
url: "http://localhost:8080/api",
data: "Hello world",
success: function (data, textStatus, XMLHttpRequest) {
alert(data);
alert("success!");
},
error: function(XMLHttpRequest, textStatus, errorThrown) {
alert("fail");
}
});
}
...
...
<button onclick="foo()">click me</button>
我收到成功,但空的数据。
I'm getting "success" but empty data.
推荐答案
不幸的是,有没有其他的方法,但用两种方法之一:要么JSONP在previous答案陈述或。这都需要服务器端的变化。 JSONP是更好,如果你需要旧版浏览器的支持,但CORS显然是更清洁,可能不需要服务器端脚本修改,修改服务器的配置就足够了。
Unfortunately, there are no other ways but use one of 2 methods: either JSONP as stated in previous answers or CORS. Both require server-side changes. JSONP is better if you need older browser's support, but CORS is obviously cleaner and likely doesn't require server-side scripts changes, modifying server configuration should be enough.
希望这有助于。
这篇关于从本地JavaScript的code到远程服务器AJAX调用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!