I've a jquery iframe based upload script to allow my clients to change images in their website. Work's good, but I want to have a crossdomain solution, so when i update my code, all of my clients get updated also.
the files are actualy uploaded, but I can't read the content of iframe, even he is there, I can see it, but can't read it.
I know it is a security issue, but It's my server, I'm just allowing the upload of .jpg files.
How can I solve this, all my domains are in the same ip, hosted in a vps server.
some code
div_browser = '<iframe id="iframe_uploads" name="iframe_uploads" frameborder="0" align="center"';
div_browser += '"></iframe>';
modal_uploads(div_browser);
function modal_uploads(data) {
var modal = '<div id="modal">';
modal += data;
modal += '</div>';
$("#gestor").append(modal);
//
var id = "#modal";
var winH = $("#gestor").height();
var winW = $("#gestor").width();
$(id).css('top', winH/2-$(id).height()/2);
$(id).css('left', winW/2-$(id).width()/2);
$(id).fadeIn(2000);
}
$("#iframe_uploads").load(function() {
var resposta = document.getElementById('iframe_uploads').contentWindow.document.body.innerHTML;
var开发者_如何学编程 erro = resposta.split('|');
var medidas = erro[1];
if(erro[0] == "ok") {
nome.val('pics/'+$('#ficheiro').val());
var wh = medidas.split('=');
$("#"+nome[0].id+"_width").val(wh[0]);
$("#"+nome[0].id+"_height").val(wh[1]);
$('#modal').animate({opacity: 1.0},1000).fadeOut('fast');
$('#modal').remove();
} else {
$('#modal').html = resposta;
}
});
doing this, I've one iframe waiting for the result of upload process. I can see in that upload was succeded, since iframe content is there, something like "ok|44=55", but I'm unhable of manipulate that data...
Thanks, hope you can help me
The problem is, that even if your servers have the same ip, it's a cross-domain issue for the client (cause they have different domains).
However, as you own the server, there are some workarounds you can do:
1) Use just one domain (the most obvious, but the most probable is you can't)
2) Use proxy code in your server (to communicate one domain with the other, so client sees only 1 domain)
To help you better, i'd like to know: 1) Which technology are you using in your server? (php, java, asp.net, etc) 2) Could you post your form code (mainly action/urls)
Hope this helps
I guess this is not possible to do without full server control.
I managed to do it using php ftp upload functions.
Actually, you can make this work with a following trick:
Suppose you have a form at site.com, and upload handler at uploads.com, then you do as you do but upload handler after doing its work instead of sending response redirects to for example:
http://site.com/redirect/?status=OK&width=44&height=55
or
http://site.com/redirect/?status=Some+error+message
and http://site.com/redirect/
just sends you an empty page.
Then in your load handler you parse iframes document.location.href
and get your response. In some browsers load
event will be fired twice (redirect response + final empty response), you should just ignore permission denied errors.
精彩评论