跨源资源共享标头可以授权 X-Domain IFRAME 访问吗?
调整 IFRAME 的高度以匹配其内容页面的高度可能会很麻烦 当包含页面和内容页面不是来自同一域时。
跨源资源共享 (CORS) 标头是否使内容页面能够授权对其资源的跨域访问,从而允许其包含页面读取其高度? (或者,包含页面授权内容页面宣布其高度?)
或者 CORS 严格来说是 AJAX 的事情吗?
Adjusting the height of an IFRAME to match its content page's height can be a real drag when the containing and content pages are not from the same domain.
Do the Cross-Origin Resource Sharing (CORS) headers make it possible for the content page to authorize cross-domain access to its resources and thus allow its containing page to read its height? (or, alternatively, the containing page authorize the content page to announce its height?)
Or is CORS strictly an AJAX thing?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
CORS 不允许您这样做,但您可以使用跨文档消息传递在 iframe 及其父窗口(甚至在不同域中)之间发送字符串,并使用它进行通信。
大多数浏览器都支持此功能,尽管 Internet Explorer 的方式与其他'。
假设您想要的是让 iframe 向父页面宣布其所需的高度,您可以将其放入您的 iframe 代码中(未测试):
在您的包含页面中:
AttachEvent 适用于 IE,addEventListener 适用于其他所有人。出于安全目的,您可能需要检查目标源,但这就是一般想法。
编辑:跨文档消息传递的浏览器支持 (—fsb)
CORS doesn't let you do that, but you can use cross-document messaging to send strings between iframes and their parent windows even on different domains, and use that to communicate.
Most browsers support this although Internet Explorer's way differs from the others'.
Assuming what you want is to have the iframe announce to the parent page its desired height, you could put this in your iframe code (not tested):
And this in your containing page:
The attachEvent is for IE and addEventListener is for everyone else. You might want to check the target origin for security purposes, but that's the general idea.
EDIT: Browser support for Cross-document messaging (—fsb)