在 Javascript 中使用 document.domain 的同源策略解决方法
我在 Javascript 中遇到了同源策略问题。我已经阅读了有关使用 document.domain 变量解决此问题的方法,但我无法使该解决方法发挥作用。解决方法是您应该能够将 document.domain 设置为 'example.com',这样如果您从 foo.example.com 运行代码 它可以通过 XHR 从 bar.example.com 加载数据。
有关解决方法的详细信息如下:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<body>
<script>
document.domain = 'example.com';
window.onload = function() {
var req = new XMLHttpRequest();
var url = 'http://bar.example.com/';
req.open('GET', url, true);
req.onreadystatechange = function (aEvt) {
if (req.readyState == 4) {
var elem = document.getElementById('result');
if (req.status == 200) {
var data = req.responseText;
} else {
var data = "Error loading page: " + req.status;
}
elem.innerHTML = data;
}
};
req.send(null);
};
</script>
Result:<hr>
<div id="result"></div>
</body>
</html>
此代码的输出:
Result: Error loading page: 0
如果我更改 url 到 'http://foo.example.com/',一切正常。我的示例代码中有错误吗?
我不想使用代理,因为它们速度较慢、效率较低,并且会增加我们网络服务器上的流量。如果这个解决方法真的有效,那就太酷了。这个解决方法是“天上掉馅饼”吗?
I am running into same-origin policy issues in Javascript. I've read about a workaround for this using the document.domain variable, but I cannot get the workaround to work. The workaround is that you are supposed to be able to set document.domain to 'example.com' so that if you run code from foo.example.com it can load data via XHR from bar.example.com.
Details on the workaround are here:
https://developer.mozilla.org/En/Same_origin_policy_for_JavaScript
My example code -- which doesn't produce the desired results -- is run from a URL like http://foo.example.com/:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<body>
<script>
document.domain = 'example.com';
window.onload = function() {
var req = new XMLHttpRequest();
var url = 'http://bar.example.com/';
req.open('GET', url, true);
req.onreadystatechange = function (aEvt) {
if (req.readyState == 4) {
var elem = document.getElementById('result');
if (req.status == 200) {
var data = req.responseText;
} else {
var data = "Error loading page: " + req.status;
}
elem.innerHTML = data;
}
};
req.send(null);
};
</script>
Result:<hr>
<div id="result"></div>
</body>
</html>
The output from this code:
Result: Error loading page: 0
If I change url to 'http://foo.example.com/', everything works correctly. Is there a bug in my example code?
I don't want to use a proxy because they're slower, less efficient, and will increase traffic on our web server. It'd be really cool if this workaround actually worked. Is this workaround "pie in the sky"?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
document.domain允许框架/iframe 之间的通信。不是XHR。如果删除带有
document.domain的行,则读取 contentWindow 的内容将引发同源策略错误。document.domainallows the communication between frames/iframes. Not XHR.If you remove the line with
document.domain, reading the content of the contentWindow will throw the Same Origin Policy error.