跨域心跳无法用jquery解析jsonp数据
我将我的模块(一个 asp.net 项目)嵌入到“门户”中,该门户生成一个 iframe 到我的 url,我知道它很糟糕,但我没有做到。
为了避免在用户迭代我的 Web 项目时在主“门户”端进行会话,门户所有者告诉我通过 javascript 从我的应用程序到门户启动心跳。
每个人都知道以这种方式保持会话是不安全的,但是有“门户”,那么我就无事可做。
真正的问题是我无法从应用程序到门户进行跨域请求,因为同源策略锁定它,我找到了一个使用jquery的解决方案,但它需要[心跳监听器]处理json。
官方 jsonp 网站此处。
有人可以帮助我吗?
这是我的脚本:
function startHeartbeat()
{
var interval = 9513575;
window.setInterval(
function () {
$.ajax({
type: "GET",
cache: false,
async: true,
crossDomain: true,
url: "http://www.theportalurl.com",
dataType: 'JSONP',
complete:function(jqXHR, textStatus){
alert("Complete");
},
success:function(json){
alert("Success");
},
error:function(jqXHR, textStatus, errorThrown){
alert("Error:" + textStatus + ", detail:" + errorThrown);
},
});
}
, interval
);
}
在@rook给我帮助后我达到了这个目的:
function startHeartbeat(pgn)
{
$("body").append("<img id='heartbeat' style='width:1px; height:1px' name='heartbeat' src='http://www."+Math.random()+".org'/>");
var interval = 350000;
window.setInterval(
function () {
var rnd = Math.random();
var url = "https://www.theportal.com/refreshsession.aspx?pgn="+pgn+"&rndv="+rnd;
$("#heartbeat").attr("src", url);
}
, interval
);
}
I embbeding my module, an asp.net project, in a "portal", the portal generate an iframe to my url, i know its a shit but i dont made it.
To avoid session in main "portal" end while user iterating with my web project the portal owner told me to start an heartbeat by javascript from my application to portal.
Everyone know keep session in this way is insecure but 'portal' there is then i havent nothing to do.
The real problem is that i cant do cross-domain requests from my application to portal because same origin policy lock it, i found a solution using jquery but it require [heartbeat listener] deal with json.
The official jsonp site here.
Someone can help me?
there is my script:
function startHeartbeat()
{
var interval = 9513575;
window.setInterval(
function () {
$.ajax({
type: "GET",
cache: false,
async: true,
crossDomain: true,
url: "http://www.theportalurl.com",
dataType: 'JSONP',
complete:function(jqXHR, textStatus){
alert("Complete");
},
success:function(json){
alert("Success");
},
error:function(jqXHR, textStatus, errorThrown){
alert("Error:" + textStatus + ", detail:" + errorThrown);
},
});
}
, interval
);
}
after @rook give me help i reach this:
function startHeartbeat(pgn)
{
$("body").append("<img id='heartbeat' style='width:1px; height:1px' name='heartbeat' src='http://www."+Math.random()+".org'/>");
var interval = 350000;
window.setInterval(
function () {
var rnd = Math.random();
var url = "https://www.theportal.com/refreshsession.aspx?pgn="+pgn+"&rndv="+rnd;
$("#heartbeat").attr("src", url);
}
, interval
);
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
你试图做的事情明显违反了 JavaScript 的同源策略。一个好的解决方案是门户所有者可以为您想要使用 XHR 获取的页面(并且仅页面)设置此 http 标头元素。
Access-Control-Allow-Origin:http://foo.example来源:http 访问控制
What you are trying to do is a clear violation of the same origin policy for JavaScript. A good solution is that the portal owner can set this http header element for the page (and only the page) that you want to fetch with an XHR.
Access-Control-Allow-Origin: http://foo.examplesource: http access control