Reading headers with AJAX and cross-site scripting

Posted 2024-10-29 15:20:45

Help me understand AJAX and cross-site scripting a little better. Writing AJAX is fairly straightforward. If I want to asynchronously read the HTTP header of a website, I'd do something like this:

var req = new XMLHttpRequest();
req.open('HEAD', 'http://www.stackoverflow.com/', true);
req.onreadystatechange = function (aEvt) {
  if (req.readyState == 4) {
     if(req.status == 200)
      alert(req.responseText);
     else
      alert("Error loading page");
  }
};
req.send(null);

However, when I copy and paste this into a simple HTML page using notepad and try to run it locally, the request status doesn't seem to return 200. I am assuming this is due to cross-site scripting. How would I get around this?

Comments (4)

生寂 2024-11-05 15:20:45

You are right in that making requests across domains is not allowed unless you are using Cross-Origin Resource Sharing (CORS, http://www.w3.org/TR/cors/). CORS has a client-side and a server-side component. On the client side, the request looks mostly like a regular XMLHttpRequest, except you have a few other properties and handlers you can configure. On the server, the response will need to emit some special HTTP headers. This article gives a good breakdown of how CORS works on the client and server: http://www.nczonline.net/blog/2010/05/25/cross-domain-ajax-with-cross-origin-resource-sharing/
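The browser-side decision this answer describes, as an added example that is not part of the original post: a simplified Node.js model of the CORS check for a simple (non-preflighted) request, showing whether script may read the response and which header names it could see. The function names and the sample responses are constructed for illustration.

```javascript
// Added example: simplified model of the CORS check for a simple request.
// Function names are hypothetical; sample responses below are constructed.
const SAFELISTED = new Set([
  'cache-control', 'content-language', 'content-length',
  'content-type', 'expires', 'last-modified', 'pragma',
]);
const FORBIDDEN = new Set(['set-cookie', 'set-cookie2']); // never visible to script

// Lower-case header names so lookups are case-insensitive.
function normalize(headers) {
  const out = {};
  for (const [k, v] of Object.entries(headers)) out[k.toLowerCase()] = String(v).trim();
  return out;
}

// Returns { allowed, headers }: whether script on pageUrl may read the response
// from targetUrl, and which response header names it would be able to see.
function readableHeaders(pageUrl, targetUrl, responseHeaders, withCredentials = false) {
  const h = normalize(responseHeaders);
  const names = Object.keys(h).filter((n) => !FORBIDDEN.has(n));
  const pageOrigin = new URL(pageUrl).origin;
  if (pageOrigin !== 'null' && pageOrigin === new URL(targetUrl).origin) {
    return { allowed: true, headers: names.sort() }; // same origin: no CORS check
  }
  const acao = h['access-control-allow-origin'];
  // With credentials, "*" is not accepted and Allow-Credentials must be "true".
  const originOk = withCredentials
    ? acao === pageOrigin && h['access-control-allow-credentials'] === 'true'
    : acao === '*' || acao === pageOrigin;
  if (!originOk) return { allowed: false, headers: [] };
  const exposed = (h['access-control-expose-headers'] || '')
    .split(',').map((s) => s.trim().toLowerCase()).filter(Boolean);
  const wildcard = !withCredentials && exposed.includes('*');
  const visible = names.filter(
    (n) => SAFELISTED.has(n) || wildcard || exposed.includes(n));
  return { allowed: true, headers: visible.sort() };
}

// Constructed sample responses (not captured from any real site).
const plain = { 'Content-Type': 'text/html', 'Server': 'example', 'Set-Cookie': 'sid=1' };
const cors = { ...plain, 'Access-Control-Allow-Origin': 'http://localhost',
  'Access-Control-Expose-Headers': 'Server' };
const page = 'http://localhost/test.html';
const target = 'http://www.stackoverflow.com/';

console.log(readableHeaders(page, target, plain)); // no CORS headers: blocked
console.log(readableHeaders(page, target, cors));  // opted in: limited header view
```

Even when the check passes, `getAllResponseHeaders()` only returns the CORS-safelisted headers plus those the server names in `Access-Control-Expose-Headers`.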

把回忆走一遍 2024-11-05 15:20:45

My first guess would be to try and make a local PHP file which acts like a gateway:

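<?php
  // Note: this fetches any URL the caller supplies; restrict allowed hosts before exposing it
  // get_headers() returns an array (or false on failure), so join it before printing
  $headers = get_headers($_GET['url']);
  echo $headers === false ? '' : implode("\n", $headers);
?>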

Then, perform a GET request with the url of your target site as the parameter, and parse the .responseText of that request to determine the response header of your original.

I don't think it's possible with pure JS, so you'll have to use some server-side code.

潜移默化 2024-11-05 15:20:45

There are two types of "locally":

  • Using a local server (http://localhost/)
  • Accessing HTML file directly (file:///C:\a\b\c.html)

AJAX won't work, ever, in the second case.

暮倦 2024-11-05 15:20:45

You can't make an ajax request to http://stackoverflow.com if your page is being served on http://localhost/...

http://en.wikipedia.org/wiki/XMLHttpRequest#Cross-domain_requests
