(Firefox 9) JavaScript AJAX to an external domain, status 0, but Live HTTP headers captures the correct answer (!?)

Posted on 2024-12-29 16:25:37

I am trying to do an AJAX call to an external domain. After reading a little bit, I have realised that this cannot be done. And I was starting to dive into proxy solutions, but then I've found info about "cross-site xmlhttprequest with CORS".

Then, from here I have understood that perhaps non-old browsers had already implemented a way to do it, as far as the target domain allowed it I guess.

So, within this obscurity, I have decided to check the HTTP headers that were being captured.

It is a GET petition

http://www.genome.jp/dbget-bin/www_bconv?dbkey=uniprot&acc=P11730

Using any browser I get the web page that I want, but through the AJAX call I get a status of 0.

But, with the AJAX script and using the Firefox add-on Live HTTP headers, I can see that everything seems to go all right.

http://www.genome.jp/dbget-bin/www_bconv?dbkey=uniprot&acc=P62071

    GET /dbget-bin/www_bconv?dbkey=uniprot&acc=P62071 HTTP/1.1
    Host: www.genome.jp
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-us,en;q=0.5
    Accept-Encoding: gzip, deflate
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
    Connection: keep-alive
    Origin: null

    HTTP/1.1 302 Found
    Date: Sat, 28 Jan 2012 19:24:24 GMT
    Server: Apache
    Location: /dbget-bin/www_bget?mmu:66922
    Content-Length: 0
    Keep-Alive: timeout=60, max=1000
    Connection: Keep-Alive
    Content-Type: text/plain

So, there are 2 options:

1) it is working, but the code has some kind of error

2) It seems to be working, but actually AJAX cannot be done to an external domain. Why is Live HTTP headers capturing the good stuff? Because the censorship is done afterwards.

What is the answer?

(javascript code)

    <html>
    <head>
    <script type="text/javascript">
    function loadXMLDoc()
    {
        var xmlhttp = new XMLHttpRequest();

        // Report every state change; show the body once the request completes.
        xmlhttp.onreadystatechange = function()
        {
            alert(xmlhttp.readyState + '  ' + xmlhttp.status);
            if (xmlhttp.readyState == 4)
            {
                alert(xmlhttp.responseText);
            }
        };

        // Only an XMLHttpRequest with CORS support exposes withCredentials.
        if ("withCredentials" in xmlhttp)
        {
            xmlhttp.open("GET", "http://www.genome.jp/dbget-bin/www_bconv?dbkey=uniprot&acc=P11730", true);
            // Boolean flag: send cookies and HTTP auth with the cross-origin request.
            xmlhttp.withCredentials = true;
            xmlhttp.send();
        }
    }
    </script>
    </head>
    <body>
    </body>
    </html>

EDIT: So it is like that to use CORS the extra header needs to be enabled on the web server. Then I assume it is option 2).

Interesting links

Ways to circumvent the same-origin policy

http://anyorigin.com/

http://enable-cors.org/

http://remysharp.com/2011/04/21/getting-cors-working/

Comments (1)

不交电费瞎发啥光 2025-01-05 16:25:37

Your assumptions are correct.

Contrary to popular belief, an XMLHttp request to an external domain can always be sent. But JavaScript does not grant access to the response document.

This is due to the Same Origin Policy:

The same origin policy prevents a document or script loaded from one origin from getting or setting properties of a document from another origin.

As you found out, if the server agrees to grant access by setting the corresponding header, this restriction does not apply (provided the browser supports CORS too).
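
The check the answer describes, as an added example that is not part of the original answer: a simplified JavaScript model of the browser's decision whether a script may read a cross-origin response, run against the response head captured in the question. The function names and the `http://app.example` origin are assumptions made for illustration.

```javascript
// Added example: simplified model of the browser's CORS read check, not browser source.

// Parse a raw response head into lowercase header names and values.
function parseHeaders(raw) {
  const headers = {};
  for (const line of raw.trim().split(/\r?\n/).slice(1)) {
    const i = line.indexOf(":");
    if (i > 0) headers[line.slice(0, i).trim().toLowerCase()] = line.slice(i + 1).trim();
  }
  return headers;
}

// Decide whether a script at `origin` may read a cross-origin response.
function corsCheck(origin, withCredentials, raw) {
  const h = parseHeaders(raw);
  const allow = h["access-control-allow-origin"];
  if (allow === undefined) return { readable: false, reason: "no Access-Control-Allow-Origin" };
  if (!withCredentials && allow === "*") return { readable: true, reason: "wildcard" };
  if (allow !== origin) return { readable: false, reason: "origin mismatch" };
  if (!withCredentials) return { readable: true, reason: "origin match" };
  if (h["access-control-allow-credentials"] === "true")
    return { readable: true, reason: "origin match, credentials allowed" };
  return { readable: false, reason: "credentials not allowed" };
}

// Response head as captured in the question with Live HTTP headers.
const CAPTURED = [
  "HTTP/1.1 302 Found",
  "Date: Sat, 28 Jan 2012 19:24:24 GMT",
  "Server: Apache",
  "Location: /dbget-bin/www_bget?mmu:66922",
  "Content-Length: 0",
  "Keep-Alive: timeout=60, max=1000",
  "Connection: Keep-Alive",
  "Content-Type: text/plain",
].join("\r\n");

// Constructed variants: the same response with CORS headers a server could add.
const WILDCARD = CAPTURED + "\r\nAccess-Control-Allow-Origin: *";
const EXPLICIT = CAPTURED + "\r\nAccess-Control-Allow-Origin: http://app.example" +
  "\r\nAccess-Control-Allow-Credentials: true";

// The question's request: Origin "null" with withCredentials set.
console.log(corsCheck("null", true, CAPTURED));                // blocked, script sees status 0
console.log(corsCheck("http://app.example", false, WILDCARD)); // readable
console.log(corsCheck("http://app.example", true, WILDCARD));  // blocked: "*" is not accepted with credentials
console.log(corsCheck("http://app.example", true, EXPLICIT));  // readable
```

The request reaches the server in every case, which is why Live HTTP headers shows the exchange; only the script's access to the response depends on the result of the check.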
