在 Opera 中关注跨域 Ajax
您需要 Opera 9.62 才能了解这一切...因为这是唯一一个在我执行跨子域 JavaScript 调用(涉及 Ajax)时表现奇怪的浏览器。请考虑以下三个简单文件并将它们放置在适当的域中。
foo.html(boo.html iframe 的父级)位于 foo.example.com
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>foo</title>
<script type='text/javascript'>
document.domain = 'example.com';
function sendRequest() {
window.frames['boo'].sendRequest();
}
</script>
<head>
<body>
<input type="submit" value="sendRequest" onclick="sendRequest();" />
<iframe name="boo" src="http://boo.example.com/boo.html"></iframe>
</body>
</html>
boo.html(foo.html 的 iframe)位于 < code>boo.example.com
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>boo</title>
<script type='text/javascript'>
document.domain = 'example.com';
function sendRequest() {
var request = null;
if (window.XMLHttpRequest) {
request = new XMLHttpRequest();
} else {
request = new ActiveXObject('Microsoft.XMLHTTP');
}
if (request) {
request.open('GET', 'http://boo.example.com/helloworld.php', true);
request.onreadystatechange = function() {
if (request.readyState == 4) {
var result = request.responseText;
alert(result);
}
}
request.send('');
}
}
</script>
<head>
<body>
</body>
</html>
helloworld.php at boo.example.com
<?php
echo 'Hello World!';
?>
如果您在 Opera 以外的浏览器中测试上述代码(在v9.62),它就像一个魅力(我已经在 Safari、Firefox、Chrome 中进行了测试)。在 Opera 中,它不起作用,并且会抛出安全违规消息的错误。有人知道怎么回事吗? 我已经找到了问题的解决方案,稍后我会将其发布在这里(我也想看看您的解决方案),但我也想了解有关该问题的更多信息- 有人能解释一下吗?
注意:我已经在自己的服务器上设置了所有文件,因此您可以查看这里
更新:我刚刚在最新的Opera 10.63上测试了它,它没有这样的问题。因此,您肯定需要使用 Opera v9.62 来观察问题。
You'll need Opera 9.62 to see what this is all about... Because that is the only browser that behaves strange when I do cross-sub-domain JavaScript calls (with Ajax involved). Please consider the following three simple files and place them at appropriate domains.
foo.html (parent of boo.html iframe) at foo.example.com
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>foo</title>
<script type='text/javascript'>
document.domain = 'example.com';
function sendRequest() {
window.frames['boo'].sendRequest();
}
</script>
<head>
<body>
<input type="submit" value="sendRequest" onclick="sendRequest();" />
<iframe name="boo" src="http://boo.example.com/boo.html"></iframe>
</body>
</html>
boo.html (iframe of foo.html) at boo.example.com
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>boo</title>
<script type='text/javascript'>
document.domain = 'example.com';
function sendRequest() {
var request = null;
if (window.XMLHttpRequest) {
request = new XMLHttpRequest();
} else {
request = new ActiveXObject('Microsoft.XMLHTTP');
}
if (request) {
request.open('GET', 'http://boo.example.com/helloworld.php', true);
request.onreadystatechange = function() {
if (request.readyState == 4) {
var result = request.responseText;
alert(result);
}
}
request.send('');
}
}
</script>
<head>
<body>
</body>
</html>
helloworld.php at boo.example.com
<?php
echo 'Hello World!';
?>
If you test the above-stated code in browsers other than Opera (tested on v9.62), it works like a charm (I have tested in Safari, Firefox, Chrome). In Opera, it does not work and an error with security violation message is thrown. Does anybody know what the matter is?
I have found out a solution to the problem and I will post it here a bit later (I'd also like to see your solutions), but I'd like to learn more about the issue as well - can anybody explain it?
NB: I have set up all the files at my own server, so you can check it out here
UPDATE: I just tested it on the newest Opera 10.63 and it does not have such a problem. So you'll definitely need to use Opera v9.62 to observe the problem.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
一些较旧的 Opera 版本存在一个已知错误,该错误使设置 document.domain 影响 XMLHttpRequest 的安全上下文。因此,设置 document.domain 后,不再允许脚本从其实际来源的服务器加载内容。
推荐的解决方案是简单地升级到不受该错误影响的版本,但是如果您绝对需要支持 9.6x,您可以轻松检测到异常并回退到使用 postMessage() 进行跨域通信。 (在这样的旧版本中,您需要调用 document.postMessage() - 在较新的版本中它是 window.postMessage() 但它是 HTML5 规范的旧版本,它最初是在文档中定义的。)
Some older Opera versions had a known bug that made setting document.domain affect the security context for XMLHttpRequest. Hence, after setting document.domain the script is no longer allowed to load contents from the server it actually came from.
The recommended solution is to simply upgrade to a version not affected by the bug, however if you absolutely need to support 9.6x you can easily detect the exception and fall back to using postMessage() for cross-domain communication. (In such an old version, you will need to call document.postMessage() - in newer versions it's window.postMessage() but it older versions of the HTML5 specification it was originally defined on document.)