    ajax - How do I send a cross-domain POST request via JavaScript? - Stack Overflow

    If you control the server being POSTed, simply leverage the "Cross-Origin Resource Sharing standard" by setting response headers on the server. This answer is discussed in other answers in this thread, but not very clearly in my opinion.

    In short, here is how you accomplish the cross-domain POST from from.com/1.html to to.com/postHere.php (using PHP as an example):

    1. In postHere.php, set up the following:

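      // The Origin header is absent on non-browser requests; default to ''
      // so the lookup does not raise an undefined-index notice.
      $origin = $_SERVER['HTTP_ORIGIN'] ?? '';
      switch ($origin) {
          // Exact-match allowlist: only these origins receive the CORS headers.
          case 'http://from.com':
          case 'https://from.com':
              header('Access-Control-Allow-Origin: ' . $origin);
              header('Access-Control-Allow-Methods: POST, GET, OPTIONS');
              header('Access-Control-Max-Age: 1000');
              header('Access-Control-Allow-Headers: Content-Type');
              break;
      }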
      

      This allows your script to make cross domain POST, GET and OPTIONS. This will become clear as you continue to read...

    2. Set up your cross-domain POST from JS (jQuery example):

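      $.ajax({
          type: 'POST',
          url: 'https://to.com/postHere.php',
          crossDomain: true,
          // Declare the body type; a non-form content type is what makes the
          // browser send the OPTIONS preflight, and the server allows it via
          // Access-Control-Allow-Headers: Content-Type.
          contentType: 'application/json',
          data: '{"some":"json"}',
          dataType: 'json',
          success: function (responseData, textStatus, jqXHR) {
              var value = responseData.someKey;
          },
          // jQuery passes the jqXHR object as the first argument here.
          error: function (jqXHR, textStatus, errorThrown) {
              alert('POST failed.');
          }
      });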
      

    When you do the POST in step 2, your browser will send an "OPTIONS" method to the server. This is a "sniff" by the browser to see if the server is cool with you POSTing to it. The server responds with an "Access-Control-Allow-Origin" telling the browser it's OK to POST|GET|ORIGIN if the request originated from "http://from.com" or "https://from.com". Since the server is OK with it, the browser will make a 2nd request (this time a POST). It is good practice to have your client set the content type it is sending - so you'll need to allow that as well.

    MDN has a great write-up about HTTP access control that goes into detail on how the entire flow works. According to their docs, it should "work in browsers that support cross-site XMLHttpRequest". This is a bit misleading, however, as I THINK only modern browsers allow cross-domain POST. I have only verified this works with Safari, Chrome, FF 3.6.

    Keep in mind the following if you do this:

    1. Your server will have to handle 2 requests per operation.
    2. You will have to think about the security implications. Be careful before doing something like 'Access-Control-Allow-Origin: *'.
    3. This won't work on mobile browsers. In my experience they do not allow cross-domain POST at all. I've tested Android, iPad, iPhone.
    4. There is a pretty big bug in FF < 3.6 where if the server returns a non 400 response code AND there is a response body (validation errors for example), FF 3.6 won't get the response body. This is a huge pain in the ass, since you can't use good REST practices. See bug here (it's filed under jQuery, but my guess is it's a FF bug - seems to be fixed in FF4).
    5. Always return the headers above, not just on OPTIONS requests. FF needs it in the response from the POST.
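
The allowlist decision from step 1, together with points 2 and 5, as an added example that is not part of the original answer: the same policy written as a pure JavaScript function and run over constructed requests, including a look-alike origin. The function name `corsDecision`, the `Vary: Origin` header, the 403/204 status choices and the sample origins other than from.com are assumptions of this example.

```javascript
// Added example, not code from the original answer. Origins, methods, allowed
// header and max-age mirror the PHP snippet; corsDecision() is a hypothetical name.
const ALLOWED_ORIGINS = new Set(['http://from.com', 'https://from.com']);

function corsDecision(method, reqHeaders) {
  const origin = reqHeaders['origin'];
  // The reply differs per Origin, so shared caches must key on it.
  const headers = { 'Vary': 'Origin' };
  // Exact match only: substring or prefix tests would also accept look-alike
  // origins such as https://from.com.example.net.
  const allowed = typeof origin === 'string' && ALLOWED_ORIGINS.has(origin);
  if (allowed) {
    // Set on every response, preflight and actual POST alike (point 5).
    headers['Access-Control-Allow-Origin'] = origin;
  }
  const isPreflight = method === 'OPTIONS' &&
    'access-control-request-method' in reqHeaders;
  if (isPreflight) {
    if (!allowed) return { status: 403, headers };
    headers['Access-Control-Allow-Methods'] = 'POST, GET, OPTIONS';
    headers['Access-Control-Allow-Headers'] = 'Content-Type';
    headers['Access-Control-Max-Age'] = '1000';
    return { status: 204, headers };
  }
  // Actual request: without Access-Control-Allow-Origin the browser withholds
  // the response from the calling page.
  return { status: 200, headers };
}

// Constructed sample requests (header names lower-cased, as Node.js delivers them).
const SAMPLES = [
  ['OPTIONS', { origin: 'https://from.com', 'access-control-request-method': 'POST',
                'access-control-request-headers': 'content-type' }],
  ['POST',    { origin: 'https://from.com', 'content-type': 'application/json' }],
  ['OPTIONS', { origin: 'https://from.com.example.net', 'access-control-request-method': 'POST' }],
  ['POST',    { origin: 'https://other.example' }],
];

function runSamples() {
  return SAMPLES.map(([method, h]) => corsDecision(method, h));
}

for (const res of runSamples()) console.log(res.status, JSON.stringify(res.headers));
```

The policy never emits `*` and never reflects an origin that is not on the list. A request from an unlisted origin still reaches the handler, so authentication and CSRF checks remain the server's job.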
  • Original source: https://www.cnblogs.com/lexus/p/2489467.html