Briella 2012-01-05 20:48 Acceptance rate: 0%

403 Forbidden on JSONP request

There is a domain I don't control which returns JSON data -- going to http://services.example.com/search?store=ITUNES&q=twitter yields something like

{
  MySearch: {
    resultCount: 1
    results: [
      { name: "twitter" }
    ]
  }
}

When I try to get it with jsonp from another domain, such as from my own computer (using jQuery) --

$.ajax({
    url: 'http://services.example.com/search?store=ITUNES&q=twitter',
    dataType: 'jsonp',
    success: function(data) {
        console.log('hi');
    }
});

I get "Status Code: 403 Forbidden".

Here are the server response headers:

Connection:keep-alive
Content-Length:9
Content-Type:text/plain
Date:Thu, 05 Jan 2012 20:33:04 GMT
Server:WEBrick/1.3.1 (Ruby/1.9.3/2011-10-30)
X-Frame-Options:sameorigin

Is there any way I can get this data without making any server-side changes?


2 answers

  • weixin_33697898 2012-01-05 23:23

    This is due to the browser's cross origin resource sharing policy.

    To enable this you'd have to have the origin add special headers to "preflight" your request. Else, the JSONP tactic would allow you to access data across domains, but it has to actually be JSONP and not just JSON.

    Here's an example on how to enable cross-domain resource sharing in PHP:

    <?php
          header('Access-Control-Allow-Origin: http://sub.domain.com');
          header('Access-Control-Allow-Credentials: true' );
    ?>
    

    As you said, unfortunately I think this is out of your control. In fact, the security mechanisms are in place in part to prevent stuff like this from happening (i.e. sapping another server's resources by consuming its JSON).

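The answer's point that the response "has to actually be JSONP and not just JSON" can be checked mechanically. The JavaScript below is an added example, not part of the original question or answer; the function names, the `handleSearch` callback and the sample responses are assumptions constructed for illustration.

```javascript
// Added example; every name below is hypothetical, not from the page.
const CALLBACK_RE = /^[A-Za-z_$][\w$]*$/;   // plain identifier only
const TAIL_RE = /\)\s*;?\s*$/;              // closing ")" with optional ";"

// What a cooperating server returns for ?callback=<name>: the JSON wrapped in a call.
function toJsonp(callbackName, data) {
  if (!CALLBACK_RE.test(callbackName)) throw new Error('unsafe callback name');
  return callbackName + '(' + JSON.stringify(data) + ');';
}

// Lists the reasons a <script>-tag (JSONP) request cannot use this response.
function jsonpProblems(res, callbackName) {
  const problems = [];
  if (res.status < 200 || res.status > 299) {
    problems.push('status ' + res.status + ': script fails to load, success never runs');
  }
  const type = (res.headers['content-type'] || '').split(';')[0].trim().toLowerCase();
  const nosniff = (res.headers['x-content-type-options'] || '').toLowerCase() === 'nosniff';
  if (nosniff && !/^(text|application)\/(x-)?(javascript|ecmascript)$/.test(type)) {
    problems.push('nosniff with non-JavaScript type ' + type);
  }
  const body = res.body.trim();
  const prefix = callbackName + '(';
  if (!body.startsWith(prefix) || !TAIL_RE.test(body)) {
    problems.push('body is not wrapped in ' + prefix + '...)');
  } else {
    try { JSON.parse(body.slice(prefix.length).replace(TAIL_RE, '')); }
    catch (e) { problems.push('callback argument is not valid JSON'); }
  }
  return problems;
}

// Constructed samples. The 403 mirrors the status and Content-Type in the question;
// its body text is an assumption (the page shows only Content-Length: 9).
const sampleData = { MySearch: { resultCount: 1, results: [{ name: 'twitter' }] } };
const forbidden = { status: 403, headers: { 'content-type': 'text/plain' }, body: 'Forbidden' };
const plainJson = { status: 200, headers: { 'content-type': 'application/json' },
                    body: JSON.stringify(sampleData) };
const realJsonp = { status: 200, headers: { 'content-type': 'application/javascript' },
                    body: toJsonp('handleSearch', sampleData) };

console.log(jsonpProblems(forbidden, 'handleSearch'));
console.log(jsonpProblems(plainJson, 'handleSearch'));
console.log(jsonpProblems(realJsonp, 'handleSearch'));
```

The callback-name check in `toJsonp` matters on the serving side: a JSONP endpoint that echoes an unvalidated `callback` parameter lets the requester place arbitrary script text in the response.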
