Fatal编程技术网
  • javascript/
  • Javascript CORS请求如何在iframe中工作?

Javascript CORS请求如何在iframe中工作?

javascript cors

Javascript CORS请求如何在iframe中工作?,javascript,cors,Javascript,Cors,使用javascript,我们可以使用XMLHttpRequest发出跨源请求 跨源请求要求被请求的主机仅对预批准的主机作出响应 当从iframe中发出XHR请求时(来自主机a的内容向站点C发出请求,但被加载到站点B的iframe中)。站点C上必须允许哪一个主机/来源才能通过请求?不完全清楚您在问什么,但规则相当简单:请求的来源基于代码运行的窗口。因此,如果代码在iframe的窗口中运行,则原点是iframe的原点,而不是包含iframe的页面的原点 因此,如果你有: +−−−−−−−−−−−−

使用javascript,我们可以使用XMLHttpRequest发出跨源请求

跨源请求要求被请求的主机仅对预批准的主机作出响应

当从iframe中发出XHR请求时(来自主机a的内容向站点C发出请求,但被加载到站点B的iframe中)。站点C上必须允许哪一个主机/来源才能通过请求?

不完全清楚您在问什么,但规则相当简单:请求的来源基于代码运行的窗口。因此,如果代码在iframe的窗口中运行,则原点是iframe的原点,而不是包含iframe的页面的原点

因此,如果你有:

+−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−+ | [B] Page from http://example1.com | | +−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−+ | Content | | ... | | ... | | +−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−+ | | | [A] http://example2.com | | | +−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−+ | | | Content | | | | ... | | | | ... | | | +−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−+ | +−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−+ +−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−+ |[B]第页,共页http://example1.com | | +−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−+ |内容| | ... | | ... | | +−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−+ | ||[A]http://example2.com | | | +−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−+ | ||内容|| | | ... | | | | ... | | | +−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−+ | +−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−+
…并且发出请求的代码在iframe(A)中,请求的来源是
http://example2.com

您在问题中所做的并不完全清楚,但规则相当简单:请求的来源基于代码运行的窗口。因此,如果代码在iframe的窗口中运行,则原点是iframe的原点,而不是包含iframe的页面的原点

因此,如果你有:

+−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−+ | [B] Page from http://example1.com | | +−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−+ | Content | | ... | | ... | | +−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−+ | | | [A] http://example2.com | | | +−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−+ | | | Content | | | | ... | | | | ... | | | +−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−+ | +−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−+ +−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−+ |[B]第页,共页http://example1.com | | +−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−+ |内容| | ... | | ... | | +−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−+ | ||[A]http://example2.com | | | +−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−+ | ||内容|| | | ... | | | | ... | | | +−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−+ | +−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−+
…并且发出请求的代码在iframe(A)中,请求的来源是
http://example2.com

它仍然应该是A。它不是因为某种原因对你有用吗?这是有道理的。我在想一个页面只能使用一个来源。但我想iframe保留了origin,所以当你加载iframe时,iframe可以根据加载源发出请求?@WiktorZychla我还没有尝试过,我想在尝试每种组合之前获得一些背景信息,希望它们都能起作用。它仍然应该是A。这对你来说不起作用吗?这很有意义。我在想一个页面只能使用一个来源。但我想iframe保留了origin,所以当你加载iframe时,iframe可以根据加载源发出请求?@WiktorZychla我还没有尝试过,我想在尝试每种组合之前获得一些背景信息,希望它们都能起作用。