开发者

Cross-domain calls from a webbrowser

开发者 https://www.devze.com 2023-01-07 22:18 出处:网络
I would like to execute a cross domain http request from a website.What are my options? Javascript is out, because most browser don\'t allow cross domain calls.Generally the solution is to use a prox

I would like to execute a cross domain http request from a website. What are my options?

Javascript is out, because most browser don't allow cross domain calls. Generally the solution is to use a proxy, but that isn't an option for this project.

The other things I was thinkin开发者_Python百科g about would be to use Flash or maybe Java. Are there any other platforms that I could use?


You will have to stick with the proxy solution because flash and java have the same cross-domain restrictions as javascript. If this is something that is only for personal use, there is an option as I know with the flex builder and the debugger version of the falsh player which can make cross-domain requests.


Both Java and Flash support crossdomain.xml files, as documented on Oracle and Adobe sites respectively.

W3C is working on a standard that takes a different approach. When that gets implemented by which systems, I cannot predict.


If you have administrative access to the server you will be making a cross-domain request to, then you can make it serve a Flash cross-domain policy file that grants another server (or servers) cross-domain access. Then that other server needs to use Flash to make its cross-domain requests.

If you are looking for something to help get you started, check out the opensource Forge project. It exposes a cross-domain XmlHttpRequest API in JavaScript so you only have to write JavaScript code:

http://github.com/digitalbazaar/forge/blob/master/README


"Javascript is out, because most browser don't allow cross domain calls."

Unfortunately, Javascript is most definitely in. You just have to add a new script to the page with whatever src url you like. It's called Cross-Site Scripting (or XSS). IMO, the vulnerability it introduces renders moot all the other attempts by browsers to regulate a "same-origin" policy. They're just trying to patch a hole in a pair of pants that have already fallen down around your ankles.

0

精彩评论

暂无评论...
验证码 换一张
取 消