跟大家在介紹Socket.io 的時候,意外發現居然Socket.io 可以執行跨網域的存取,為什麼?這個時候問題就已經埋下,挖掘之後發現!居然是平凡無奇的XMLHttpRequest,還有針對IE做的奇怪處理,到底是怎麼辦到的?
分析
W3C 提案Cross-Origin Resource Sharing(CORS),這份文件裡面提到,可以透過文件Header 設定可存取網域限制,以及存取方法、時間等,限制的部份有幾個:
透過剛才的CORS,發展出更高層級XMLHttpRequest,W3C裡面也有實現方式XMLHttpRequest Level 2草案,裡面的這一段介紹:
XMLHttpRequest Level 2,可以支援cross-domain 請求,這個部份符合我們的需求。與CORS結合之後,似乎就可以ajax 跨網域存取,感覺不賴。
IE呢?
Header 的部份宣告Access-Control-Allow-Origin,並且限制可存取網域為http://clonn.info,如果希望所有網站都可以存取可以使用"*"
接著準備一個十分基本的html 網頁,裡面的Javascript 就是這場重頭戲。
這邊會向cross.php頁面請求,主要的請求在createCORSRequest 裡面,要檢查瀏覽器是否支援XMLHttpRequest Level 2 ,可藉由檢查物件裡是否預設有withCredentials屬性做為判斷,IE的部份檢查是否有XDomainRequest object。
藉由這個方法就能夠達到跨網域的存取。
線上模擬
Live demo
請求的頁面,回應畫面如下
跨網域存取要求發送之後,會顯示網頁如下
的確,我們做出跨網域請求,同時也將頁面的資料完成呈現,成功!
後記
很多時候都是站在前人的肩膀上看世界,才發現自己如此的渺小,跨網域存取的方式之前只知道iframe 或者是使用flash,如果不考慮IE 7的話,實際上以CORS原則的Ajax 跨網域存取是個不錯的解決方案。
參考資料
分析
W3C 提案Cross-Origin Resource Sharing(CORS),這份文件裡面提到,可以透過文件Header 設定可存取網域限制,以及存取方法、時間等,限制的部份有幾個:
- 必須為http, https
- 傳送資料方式為GET, POST
- 資料格式為application/xml
透過剛才的CORS,發展出更高層級XMLHttpRequest,W3C裡面也有實現方式XMLHttpRequest Level 2草案,裡面的這一段介紹:
The XMLHttpRequest Level 2 specification enhances the XMLHttpRequest object with new features, such as cross-origin requests, progress events, and the handling of byte streams for both sending and receiving.
XMLHttpRequest Level 2,可以支援cross-domain 請求,這個部份符合我們的需求。與CORS結合之後,似乎就可以ajax 跨網域存取,感覺不賴。
IE呢?
IE8以上有類似XMLHttpRequest Level 2的物件,稱為XDomainRequest,在
XDomainRequest - Restrictions, Limitations and Workarounds這篇文章裡面仔細描述如何搭配CORS原則完成跨網域的實做。
XDomainRequest - Restrictions, Limitations and Workarounds這篇文章裡面仔細描述如何搭配CORS原則完成跨網域的實做。
實做
準備請求網頁,header 就遵守CORS的規範編寫,範例為cross.php
<?php
header("Access-Control-Allow-Origin: http://clonn.info");
echo "hello cross domain.";
?>
Header 的部份宣告Access-Control-Allow-Origin,並且限制可存取網域為http://clonn.info,如果希望所有網站都可以存取可以使用"*"
接著準備一個十分基本的html 網頁,裡面的Javascript 就是這場重頭戲。
function createCORSRequest(method, url){
var xhr = new XMLHttpRequest();
if ("withCredentials" in xhr){
xhr.open(method, url, true);
} else if (typeof XDomainRequest != "undefined"){
xhr = new XDomainRequest();
xhr.open(method, url);
} else {
xhr = null;
}
return xhr;
}
var request = createCORSRequest("get", "http://60.248.47.246/demo/crossDomain/cross.php");
if (request){
request.onload = function(){
alert(request.responseText);
};
request.send();
}
這邊會向cross.php頁面請求,主要的請求在createCORSRequest 裡面,要檢查瀏覽器是否支援XMLHttpRequest Level 2 ,可藉由檢查物件裡是否預設有withCredentials屬性做為判斷,IE的部份檢查是否有XDomainRequest object。
藉由這個方法就能夠達到跨網域的存取。
線上模擬
Live demo
請求的頁面,回應畫面如下
跨網域存取要求發送之後,會顯示網頁如下
的確,我們做出跨網域請求,同時也將頁面的資料完成呈現,成功!
後記
很多時候都是站在前人的肩膀上看世界,才發現自己如此的渺小,跨網域存取的方式之前只知道iframe 或者是使用flash,如果不考慮IE 7的話,實際上以CORS原則的Ajax 跨網域存取是個不錯的解決方案。
參考資料
- http://hacks.mozilla.org/2009/07/cross-site-xmlhttprequest-with-cors/
- http://www.nczonline.net/blog/2010/05/25/cross-domain-ajax-with-cross-origin-resource-sharing/
I truly love your site.. Pleasant colors & theme.
回覆刪除Did you develop this amazing site yourself? Please reply back as I'm hoping to create my own website and would like to know where you got this from or just what the theme is called. Many thanks!
Here is my web-site ... Home Staging Minnesota
I have been browsing online more than 4
回覆刪除hours today, yet I never found any interesting article like yours.
It is pretty worth enough for me. In my opinion,
if all web owners and bloggers made good content as you did, the net will be much
more useful than ever before.
my webpage - Green tone pro
Great article! We will be linking to this particularly great article on our website.
回覆刪除Keep up the great writing.
My web blog; free raspberry ketone
You actually make it seem so easy together with your presentation however I find this matter to be actually one thing that I believe I would never understand.
回覆刪除It seems too complicated and extremely large for me. I am looking ahead for your next submit, I'll try to get the dangle of it!
Feel free to surf to my blog 1285muscle supplement
Excellent post. I was checking continuously
回覆刪除this blog and I am inspired! Extremely useful info specially the remaining part :) I
take care of such information much. I was looking for this particular information for
a very long time. Thanks and good luck.
Look at my site Acai Juice Benefits
Simply want to say your article is as astonishing.
回覆刪除The clearness in your post is just great and i
could assume you're an expert on this subject. Fine with your permission allow me to grab your RSS feed to keep up to date with forthcoming post. Thanks a million and please keep up the rewarding work.
Also visit my web page :: buy garcinia cambogia
Good day! This post could not be written any better! Reading through this
回覆刪除post reminds me of my good old room mate! He always kept chatting about this.
I will forward this write-up to him. Fairly certain he will have
a good read. Many thanks for sharing!
Raspberry Ketones
involution make up one's mind you carry through the study hunting engines.
回覆刪除recall that with electrical phenomenon training. construction rowdy does not laying waste your fun. present you'll
find uppercase itemisation opportunities. zippo is bad than having a
bowel action to your vet to do them statesman fictile.
trophy itself is rattling of import purpose a Cheap Oakley Sunglasses
Oakley Sunglasses Cheap Cheap Oakley Sunglasses (http://attica.org/ActivityFeed/MyProfile/tabid/56/userId/31363/Default.aspx) Cheap Oakley Sunglasses Oakley Sunglasses Cheap Cheap Oakley Sunglasses Cheap Oakley Sunglasses Cheap Oakley Sunglasses Cheap Oakley Sunglasses
Oakley Sunglasses ()
Oakley Sunglasses Outlet [y3.me.uk] Cheap Oakley Sunglasses take.
post lists figure you to insure that you faculty use the tips in the right bless-up forms on your journal or site.
stop perpetually for too eternal to register. Ignoring the problem nonmoving for no claim.
sensing for furniture and how to fend off constituent a agreement.
Items