Cross-domain Ajax with Cross-Origin Resource Sharing | NCZOnline
Cross-domain Ajax with Cross-Origin Resource Sharing | NCZOnline
"In fact, this site (html5rocks.com) has enabled CORS on all of its pages."
All of the previously mentioned browsers support these simple requests. Firefox 3.5+, Safari 4+, and Chrome all support usage through the XMLHttpRequest object. When attempting to open a resource on a different origin, this behavior automatically gets triggered without any extra code. For example:Getting CORS Working
var xhr = new XMLHttpRequest(); xhr.open("get", "http://www.nczonline.net/some_resource/", true); xhr.onload = function(){ //instead of onreadystatechange //do something }; xhr.send(null);To do the same in Internet Explorer 8, you’ll need to use the XDomainRequest object in the same manner:
var xdr = new XDomainRequest(); xdr.open("get", "http://www.nczonline.net/some_resource/"); xdr.onload = function(){ //do something }; xdr.send();The Mozilla team suggests in their post about CORS that you should check for the existence of the withCredentials property to determine if the browser supports CORS via XHR. You can then couple with the existence of the XDomainRequest object to cover all browsers:
function createCORSRequest(method, url){ var xhr = new XMLHttpRequest(); if ("withCredentials" in xhr){ xhr.open(method, url, true); } else if (typeof XDomainRequest != "undefined"){ xhr = new XDomainRequest(); xhr.open(method, url); } else { xhr = null; } return xhr; } var request = createCORSRequest("get", "http://www.nczonline.net/"); if (request){ request.onload = function(){ //do something with request.responseText }; request.send(); }The XMLHttpRequest object in Firefox, Safari, and Chrome has similar enough interfaces to the IE XDomainRequest object that this pattern works fairly well. The common interface properties/methods are: abort() – use to stop a request that’s already in progress. onerror – use instead of onreadystatechange to detect errors. onload – use instead of onreadystatechange to detect successes. responseText – use to get contents of response. send() – use to send the request.
Credentialed requests
By default, cross-origin requests do not provide credentials (cookies, HTTP authentication, and client-side SSL certificates). You can specify that a request should send credentials by setting the withCredentials property to true. If the server allow credentialed requests, then it responds with the following HTTP header:Access-Control-Allow-Credentials: trueIf a credentialed request is sent and this header is not sent as part of the response, then the browser doesn’t pass the response to JavaScript (responseText is an empty string, status is 0, and onerror() is invoked). Note that the server can also send this HTTP header as part of the preflight response to indicate that the origin is allowed to send credentialed requests. Internet Explorer 8 doesn’t support the withCredentials property; Firefox 3.5, Safari 4, and Chrome all support it.
<?php header('Access-Control-Allow-Origin: http://www.some-site.com'); ?>
<?php header('Access-Control-Allow-Origin: *'); ?>
沒有留言:
張貼留言