现在的位置: 首页 > 综合 > 正文

{{js跨域请求解决方案}}Use a Web Proxy for Cross-Domain XMLHttpRequest Calls(使用服务器端代理实现Ajax跨域请求)

2019年10月29日 ⁄ 综合 ⁄ 共 4915字 ⁄ 字号 评论关闭

JavaScript: Use a Web Proxy for Cross-Domain XMLHttpRequest Calls

综述:
XMLHttpRequest同域限制只是浏览器端的安全限制,但是服务器端并没有同域安全限制,故可以通过服务器端来实现跨域请求,然后在浏览器端通过Ajax获取服务器端的跨域请求的数据,这就是所谓的在服务器端建立一个XMLHttpRequest代理,通过这个代理来访问其它跨名下的资源。YDN的这篇文章讲解了如何实现服务器端代理来实现跨域请求,文章很浅显易懂,故不做翻译,而且很多人翻译过来的不见得就比原文清晰易懂!
奋斗

The XMLHttpRequest object (also known as the XMLHTTP object in Internet Explorer) is at the core of today's most exciting AJAX web applications. But actually writing client web applications that use this object can be tricky given restrictions imposed by web
browsers on network connections across domains. This HOWTO provides describes the issue in simple, easy to understand language and provides one possible solution: a web proxy that relays network requests from your web server to services such as the Yahoo!
Web Service APIs.

Why You Need a Proxy

All modern web browsers impose a security restriction on network connections, which includes calls to XMLHttpRequest. This restriction prevents a script or application from making a connection to any web server other than the one the web page originally came
from (Internet Explorer will allow cross-domain requests if the option has been enabled in the preferences). If both your web application and the XML data that application uses come directly from the same server, then you do not run into this restriction.

If, however, you serve your web application from one web server and you make web service data requests to another server -- for example, to the Yahoo! Web Services -- then the browser prevents the connection from being opened at all. Bummer.

There are a number of solutions to this problem but the most commonly-used one is to install a proxy on your web server. Instead of making your XMLHttpRequest calls directly to the web service, you make your calls to your web server proxy. The proxy then passes
the call onto the web service and in return passes the data back to your client application. Because the connection is made to your server, and the data comes back from your server, the browser has nothing to complain about.

For security reasons it's a good idea for any proxy you install on your web server should be limited in use. An open proxy that passes on connections to any web site URL is open to abuse. Although it is difficult to limit the connections to your proxy from
only your application, you can prevent the proxy from making connections to servers other than those you specify. Hard code the URL to connect to in the proxy itself or provide limited options. This makes the proxy less open and less useful to users other
than your client application.

PHP Proxy for Yahoo! Web Services

For the Yahoo! Developer Network JavaScript Developer Center we have provided sample code for asimple
web proxy
, written in PHP, that takes requests for the Yahoo! Search APIs. You can install this proxy on your own web server in any convenient location (your web server must be set up to run PHP).

The proxy encodes the Yahoo! Web services site URL in a global variable called HOSTNAME. ou will need to modify this variable to refer to the Yahoo! Web Services API you'll be using. This is the domain used by the Yahoo! Search web services; other domains include
Yahoo! Local (http://local.yahooapis.com) and Yahoo! Travel (http://api.travel.yahoo.com).

define ('HOSTNAME', 'http://search.yahooapis.com/');

To use the PHP web proxy in your client application, the URL for the request in the JavaScript code includes the path for the Yahoo! Web Services request, minus the domain name. The domain name is added by the proxy itself on the server side. This code snippet
comes from a more complete XMLHttpRequest code sample on our JavaScript
Developer Center
.

// The web services request minus the domain name
var path = 'VideoSearchService/V1/videoSearch?appid=YahooDemo&query=madonna&results=2';

// The full path to the PHP proxy
var url = 'http://localhost/php_proxy_simple.php?yws_path=' + encodeURIComponent(path);
... // core xmlhttp code
xmlhttp.open('GET', url, true);

Note that although this example uses an HTTP GET request, the sample PHP web proxy also supports POST.

You could modify the proxy to do post-processing of the data you get from the request on the server side, for example, to strip out only the elements you're interested in or the parse the XML into a format you can more comfortably handle in JavaScript.

Other Solutions

In addition to using a web proxy to pass web services data to your application, there are several other options to working around cross-domain browser restrictions:

  • Use apache's mod_rewrite or mod_proxy to pass requests from your server to some other server. In your
    client code you just make the request as if it was actually on your server -- no browser problems with that. Apache then does its magic and makes the request to the other server for you.
  • Use JSON and dynamic <script> tags instead of XML and XMLHttpRequest. You can get around the browser security problem altogether by making your web services request directly inside
    a<script> tag. If the Yahoo! Web Service you're using can output JSON (using the output=jsonand callback=function
    parameters), the data you get back from the web service is evaluated as a JavaScript object when the page is loaded. See our JSON Documentation for
    an example of how to do this in your own scripts.
  • Digitally sign your scripts. In Firefox you can apply a digital signature to your script and those scripts will then be considered "trusted" by the browser. Firefox will then let you make XMLHttpRequests to any domain. However, no other browsers support script
    signing at this time, so this solution is of limited use.

抱歉!评论已关闭.