跨域弹出窗口
我的流程如下:用户在站点 1 上单击“登录”。站点 2 会打开一个弹出窗口,要求他使用 Twitter 登录。然后他使用 oAuth 登录,因此页面发生变化。成功登录后,弹出窗口应关闭,并且站点 1 上的代码应收到通知。
什么不起作用:
- WebIntents - 好吧,他们网站上的示例甚至不起作用,所以我没有在本地尝试。
- easyXDM< /strong> - 与 iframe 通信,而不是弹出窗口。
- porthole - 相同,使用 iframe。
一个可怕的解决方案是每隔几秒刷新一次 iframe,以检查用户是否已经登录。
有更好的方法吗?更好的图书馆?
My flow is as follows: the user clicks sign in on site 1. a pop up is opened from site 2 asking him to login using twitter. he then logs in - using oAuth, so the page changes. After a successful login the pop up should close and the code on site 1 should receive a notification.
What didn't work:
- WebIntents - well, the examples on their site didn't even work, so I didn't try it locally..
- easyXDM - communicates with an iframe, not a popup.
- porthole - same, uses an iframe.
A horrible solution is refreshing the iframe every couple of seconds, to check if the user logged in already.
Is there a better way to do this? better libraries?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
如果您可以在用户登录后将弹出窗口引用到另一个页面,则可以使用以下内容:
main page:
refer page:
请记住,refer page 必须与您的主页位于同一域中。
而且,不要担心其他浏览器对 localstorage 的支持不佳,
但如果你真的想支持老歌,我相信你可以使用cookie。
if you can refer the popup to another page after the user is logged in, you could use this:
main page:
refer page:
Keep in mind that the refer page has to be on the same domain as your main page.
And, don't be afraid of bad support for localstorage in other browsers,
but if you really want to support oldies, you can use cookies, I believe.
当用户单击 site1 上的登录按钮时,会从 site2 打开一个弹出窗口。
我假设您使用 window.open 通过 iframe 来执行此操作,并且您已经弄清楚如何绕过大多数浏览器垃圾邮件拦截器等。
由于您将此弹出窗口作为新窗口打开,因此您现在可以控制那个窗口,你实际上可以从新窗口发回东西。
这将是一些伪代码,但只是为了举例!
假设用户使用如下所示的链接登录:
您的弹出窗口现在可以由
window.popup引用,并且在 window.popup 内,原始页面现在称为 window.opener。在打开弹出窗口的同一站点上,您有一个功能,如下所示:
用户使用 oAuth 登录后,您需要重定向到新页面,oAuth 和 Twitter 指南中对此都有解释,您需要该重定向发生在弹出窗口内,然后捕获该页面上的登录信息并将其发送回原始文档和handleLogin 函数。
根据您的使用情况,在大多数 PHP 实现中,您会执行类似的操作来从登录中获取数据,这当然是在完成所有令牌和消费者密钥之后:
因此,当从 Twitter 重定向到新页面时,新的页面看起来像这样:
这实际上会在打开弹出窗口的页面上运行handleLogin()函数,并将弹出窗口中的用户信息发送到原始页面上的该函数,然后关闭弹出窗口。
我已经将这种技术与 oAuth、OpenID、Google 等一起使用,并且它工作得很好,根本不需要本地存储、cookie 或页面刷新,因为您可以控制弹出窗口,您可以来回发送信息如果您愿意,您甚至可以通过执行以下操作来动态更改打开文档中弹出窗口的地址:
这在某些情况下很方便,例如 OpenID 默认情况下会关闭弹出窗口并将 document.opener 重定向到页面指定,这不是你想要的,为了克服这个问题,您必须在某个随机页面上打开弹出窗口,最好是您控制的空页面,然后在弹出窗口打开后立即将弹出窗口的 href 重定向到 Twitter。
这一切看起来非常复杂,但它是可行的,如果你走到这一步,你现在已经有了数据,你所要做的就是通过保存 site2 的 iframe 将其推送到 site1。由于如果没有 websockets 或某种事件驱动服务器(例如 node.js),推送实际上是不可能的,因此您可能不得不依赖长轮询或其他方式,有很多方法可以做到这一点,我相信您'我会弄清楚的,但是如果您对 site1 上运行的脚本有一定的控制权,并且显然您可以控制 site2,那么您实际上可以使用一点 javascript 通过 iframe 访问一些数据,但我从未真正这样做过,所以我不知道具体是怎么回事作品。
它并不是真正相关,但我真的不明白为什么有人使用其他网站的 iframe 登录您的网站会有用,这对我来说似乎很奇怪,但这取决于您自己弄清楚。
When a user clicks a sign in button on site1 a pop up is opened from site2.
I'm assuming your using window.open thru an iframe to do this, and that you have already figured out how to bypass most browsers spam blockers etc.
Since you are opening this pop up as a new window, you are now in control of that window, and you can actually send stuff back from the new window.
This will be somewhat pseudo code, but just to make an example!
Lets say a user signs in with a link looking something like this:
Your pop up can now be refferenced by
window.popup, and inside window.popup the original page is now called the window.opener.On the same site that opens the popup you have a function, like this:
After the user has logged in with oAuth, you need to redirect to a new page, this is explained in both the oAuth and Twitter guides, and you need to make that redirect happen inside the popup, and then capture the information from the login on that page and send it back to the original document and the handleLogin function.
Depending on what your using, in most PHP implentations you do something like this to get the data from the login, and this is of course after doing all the token and consumer key stuff:
So when redirecting from Twitter to a new page, the new page would look something like:
This will actually run the handleLogin() function on the page that opened the popup, and it will send the userinfo from the popup to that function on the original page and then close the popup window.
I've used this technique with oAuth, OpenID, Google etc. and it works just fine without any need for local storage, cookies or page refresh at all, since you are in control of the popup window you can send information back and forth and you could even change the adress of the popup from the opening document on the fly if you wanted by doing something like this:
This is handy in some cases, for instance OpenID will by default close the popup and redirect the document.opener to the page specified, this is not what you want, and to overcome this you would have to open the popup on some random page, preferably an empty page that you control, and then redirect the popup's href to Twitter immediately after the popup is opened.
It all looks very complicated, but it is doable, and if you get this far, you now have the data, an all you have to do is somehow push it to site1 thru the iframe that holds site2. As pushing is'nt really possible without websockets or some sort of event driven server, like node.js, you will probably have to rely on long polling or something else, there are many ways to do this, and I'm sure you'll figure it out, but if you have some control over scripts running on site1, and you obviously have control over site2, then you can actually access some data thru an iframe with a little javascript, but I've never actually done that so I do not know exactly how it works.
It's not really relevant, but I don't really see why it would be useful for someone to login thru your site with an iframe from some other site, and it all seems strange to me, but thats up to you to figure out.