Browser same-origin policy
We have an application hosted at "xyz:8080/rootapp" and cometd services hosted on "xyz:9090/cometed". The JavaScript loaded from the cometd server needs to access the DOM/JavaScript loaded from (xyz:8080), but the browser's same-origin policy is not allowing it.
To overcome this, we set 'document.domain' to "xyz", eliminating the port. This solution is working well, but it is becoming a problem for all the iframes loaded by "xyz:8080", and I need to change each and every iframe to use the domain "xyz".
Can someone provide me with hints to solve this problem without changing each and every iframe?
Do we have any HTTP header to set the domain?
Comments (1)
You can use CORS to specify an exception to same origin; this will work in any relatively modern browser.
This page has a fairly good intro and a list of compatible browsers.
The short version is: put an Access-Control-Allow-Origin header into the responses from xyz:8080 that contains either xyz:9090 or * (for unrestricted access).
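As an added example (not part of the answer above and not code from the original page), this sketch shows how the xyz:8080 server could choose the Access-Control-Allow-Origin value per request from an exact-match allowlist instead of sending `*`. The `http://` scheme, the function name `corsDecision`, and the allowed methods and headers are assumptions; the header value is a full origin, so it includes the scheme.

```javascript
// Added example: origin allowlist for CORS responses served by xyz:8080.
// Assumptions: plain-http scheme, and request header names are already
// lower-cased (as Node's http module delivers them).
const ALLOWED_ORIGINS = new Set(['http://xyz:9090']); // assumed scheme

// Returns { status, headers } to merge into the response for one request.
function corsDecision(method, reqHeaders) {
  const origin = reqHeaders['origin'];
  // Caches must key on Origin because the response differs per origin.
  const headers = { 'Vary': 'Origin' };

  // No Origin header: not a cross-origin script request; add nothing.
  if (origin === undefined) return { status: null, headers };

  // Exact string match only. No prefix or substring tests, which would
  // also accept look-alikes such as http://xyz.example:9090.
  if (!ALLOWED_ORIGINS.has(origin)) {
    // Omit the allow header; the browser withholds the response from script.
    return { status: method === 'OPTIONS' ? 403 : null, headers };
  }

  headers['Access-Control-Allow-Origin'] = origin; // echo the vetted origin

  // Preflight: OPTIONS carrying Access-Control-Request-Method.
  if (method === 'OPTIONS' && reqHeaders['access-control-request-method']) {
    headers['Access-Control-Allow-Methods'] = 'GET, POST';
    headers['Access-Control-Allow-Headers'] = 'Content-Type';
    headers['Access-Control-Max-Age'] = '600';
    return { status: 204, headers };
  }
  return { status: null, headers }; // normal request: handler sets status
}

// Constructed sample requests (not captured traffic).
const samples = [
  ['GET', { origin: 'http://xyz:9090' }],
  ['GET', { origin: 'http://xyz.example:9090' }],
  ['OPTIONS', { origin: 'http://xyz:9090', 'access-control-request-method': 'POST' }],
  ['GET', {}],
];
for (const [method, h] of samples) {
  console.log(method, h.origin ?? '(none)', JSON.stringify(corsDecision(method, h)));
}
```

Merge the returned headers into each response from xyz:8080; when `status` is non-null, send that status with an empty body instead of running the normal handler.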