使用 JSONP 获取 XML
这两天,我浏览了很多论坛网站,但没有找到我的问题的确切解决方案。 我遇到跨站点脚本问题。我的应用程序的 Web 服务是用 javascript、html 和 css 编写的,出现如下错误:
“XMLHttpRequest 无法加载...bla bla bla..Origin http://localhost:8088 不允许Access-Control-Allow-Origin 响应标头。” 我编写的代码是;
$.ajax({
async: false,
type: "GET",
url: "http://www.yem...om/Cata.../M...ogin2?username=blabla&password=blabla123",
dataType: "xml",
success: function(xml) {
alert("CONTROL???");
$(xml).find('Login').each(function(){
var logResult = $(this).find('Result').text();
alert(logResult);
});
}
})
;
我发现我必须使用 JSONP。但是,当我编写 dataType: "*jsonp xml*" 或 dataType: "*jsonp text xml*" 时,我收到一条错误消息,例如“SyntaxError:解析错误”!
另外,我尝试了CORS Filter,但它需要web.xml,但我没有。当我创建并尝试使用它时,我失败了!
此外,我尝试使用 James Padolsey 的 jQuery 进行跨域请求 http:// james.padolsey.com/javascript/cross-domain-requests-with-jquery/ 它有效,但我还没有解析收到的数据。该插件使用雅虎查询语言,因此,控制数据是不同的并且不容易。
还有什么办法可以解决我的问题吗?请帮我!
最好的祝愿。
For two days, I have got around lots of forum sites, but I don't find exact solution of my problem.
I have cross-site scripting problem. Web services of my application that is written with javascript, html and css get an error like;
"XMLHttpRequest cannot load...bla bla bla..Origin http://localhost:8088 is not allowed by Access-Control-Allow-Origin response header." Code I write is;
$.ajax({
async: false,
type: "GET",
url: "http://www.yem...om/Cata.../M...ogin2?username=blabla&password=blabla123",
dataType: "xml",
success: function(xml) {
alert("CONTROL???");
$(xml).find('Login').each(function(){
var logResult = $(this).find('Result').text();
alert(logResult);
});
}
})
;
I see that I have to use JSONP. But when I write dataType: "*jsonp xml*" or dataType: "*jsonp text xml*", I get an error msg such as "SyntaxError: Parse Error" !
Also, I tried CORS Filter, but it needs web.xml but I don't have it. When I created and tried to work it, I failed!
Moreover, I tried cross domain requests with jQuery by James Padolsey http://james.padolsey.com/javascript/cross-domain-requests-with-jquery/
It works, but I haven't parsed data I receive. This plug-in uses Yahoo Query Language, because of that, controlling the data is different and not easy.
Is there any way left to figure my problem out? Please help me!
Best wishes.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
跨域限制的存在是有原因的。它保护互联网用户。它的存在是为了防止程序员和黑客做很多有害的事情。
您可以采取一些措施来解决这个问题。其中之一是您可以执行 CORS Filter 以允许来自跨域的请求。你说你没有 web.xml 文件。我不确定你的项目是什么样的,但如果你使用的是 Web 服务,那么应该在某处有某种 web.xml 文件。如果您无法进行设置,那么您就不走运了(无法使用像 YQL 或类似的代理这样的好代理)。像 YQL 这样的东西,他们已经设置了 CORS 过滤器以允许来自所有域的请求。调用 YQL 是一个 ajax 调用,就像您尝试执行的 ajax 调用一样。最大的区别是 YQL 服务器具有 CORS Filter 设置,浏览器会检测到并允许跨域请求继续进行。
一旦 CORS 过滤器就位,浏览器将允许您从不同的域访问该域。您不需要寻找一种方法来解决这个问题,而是需要将项目设置为允许跨源请求。
如果您不控制尝试 ping 的 Web 服务,那么您就不走运了。只有 Web 服务的所有者才能访问 web.xml。
The cross domain restrictions exist for a reason. It protects internet users. It is in place to prevent programmers and hackers from doing a lot of harmful things.
There are some things that you can do to get around it. One of them being that you can do CORS Filter to allow requests from cross domains. You say that you don't have web.xml file. I am not sure what your project looks like, but if you are using web services, then should have some sort of a web.xml file somewhere. If you can't set that up, you are out of luck (short of using a nice proxy like YQL or something similar). Things like YQL, they have set their CORS Filter to allow requests from all domains. Calling YQL is an ajax call, just like the ajax call that you are trying to do. The big difference is that the YQL server has the CORS Filter setup, which the browser detects and allows the cross-domain request to proceed.
Once a CORS Filter is in place, then the browser will allow you to hit that domain from a different domain. Rather than looking for a way to hack that, you need to get your project set up to allow the cross origin requests.
If you don't control the webservices that you are trying to ping, then you are out of luck. Only the owner of the webservices will have access to the web.xml.
要获取 JSONP 格式的结果,请将其附加到 URL 的末尾:&callback=?
试试这个:
跨域脚本也必须在服务器端启用。
To get results in JSONP, append this to the end of the URL: &callback=?
Try this:
Cross domain scripting must be enabled on server side, too.
我也遇到了类似的问题。我发现这个问题的解决方案解决了我的 XSS 问题:
“无传输”错误/ IE 中的 jQuery ajax 调用
您不必使用 JSONP,因为 CORS 使用 XML 响应。您是否尝试将 support.cors 属性设置为 true (上述问题的解决方案)?
I was stuck with a similar problem as well. I found the solution to this question fixed my XSS problem:
'No Transport' Error w/ jQuery ajax call in IE
You do not have to use JSONP, as CORS works with an XML response. Did you try setting the support.cors property to true (solution in the above question)?
您可以在
/* comment */中的 Javascript 函数中编写 XML,并使用方法 functionname.toString() 将此函数转换为文本,并解析“/”之间的文本*”和“*/”以及 JSONP 的回调函数,适用于所有旧浏览器。示例 xml_via_jsonp.js :You can write XML in Javascript function inside in
/* comment */and convert this function to text with method functionname.toString() and parsing text between "/*" and "*/" with JSONP's callback function, that works in all old browsers. Example xml_via_jsonp.js :