PHP and jQuery Web API 2

Well, the title is really bad here, but I had no other way to explain what is happening on my server.

I have a normal Web API 2, new. I installed cross domain and only put

config.EnableCors(); on webapiconfig.

I have a MailController which contains this method:

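    [HttpPost] //omUrl/{url?}
    [Route(@"~/api/Mail/MailOpen")]
    public void MailOpen()
    {
        try
        {
            // File.Create returns an open FileStream; dispose it so the
            // handle is released and later calls are not blocked.
            File.Create(@"D:\Emails\Alive.html").Dispose();
        }
        catch (Exception)
        {
            // ignored
        }
    }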

and it runs on a web host at: http://localhost:56212/

So, I am trying to post some data to check the cross domain policy, and I post with this PHP code:

<?php 
$url = 'http://localhost:56212/api/Mail/MailOpen';
$data = array('Smtp' => 'value1', 'Subject' => 'value2');

// use key 'http' even if you send the request to https://...
$options = array(
    'http' => array(
        'header'  => "Content-type: application/x-www-form-urlencoded\r\n",
        'method'  => 'POST',
        'content' => http_build_query($data),
    ),
);
$context  = stream_context_create($options);
$result = file_get_contents($url, false, $context);

var_dump($result);
 ?>

This code gets to the server and the Alive.html is created. Wait. How can that be, I asked myself, I don't have any cross domain policy yet on this controller?

So I tried to run this JavaScript code:

<script>

 $.get(
     "http://localhost:56212/api/Mail/MailOpen",
     { 'G': "aa94a7cf-7794-41ff-b8d0-fcfe34fcb19c" }, // put your parameters here
     function (responseText) {
           console.log(responseText);

     }

    );
</script>

Which is supposed to do the same thing, but I get this error:

    jquery-1.11.2.min.js:4 GET http://localhost:56212/api/Mail/MailOpen?G=aa94a7cf-7794-41ff-b8d0-fcfe34fcb19c
    m.ajaxTransport.send @ jquery-1.11.2.min.js:4
    m.extend.ajax @ jquery-1.11.2.min.js:4
    m.each.m.(anonymous function) @ jquery-1.11.2.min.js:4
    m.extend.getJSON @ jquery-1.11.2.min.js:4
    (anonymous function) @ index.html:6
    index.html:1 XMLHttpRequest cannot load http://localhost:56212/api/Mail/MailOpen?G=aa94a7cf-7794-41ff-b8d0-fcfe34fcb19c. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access. The response had HTTP status code 405.

Which is normal, because I don't have any policy yet.

Can anyone tell me why the PHP worked and the jQuery returned an error?

Ty all.

Edit :

Well, this is even worse. I just saw I am trying to use GET to post.

So I changed my request to POST, and the server took it and it worked, it even created the file, but it gives me an error:

    index.html:1 XMLHttpRequest cannot load http://localhost:56212/api/Mail/MailOpen. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access.

How can it give an error and still work?

Better yet, how is this even working!?

1 answer




CORS is a security mechanism that is browser-specific. Your PHP is not a typical web browser, and does not require CORS policies be enforced.

From Wikipedia:

The CORS standard describes new HTTP headers which provide browsers and servers a way to request remote URLs only when they have permission. Although some validation and authorization can be performed by the server, it is generally the browser's responsibility to support these headers and respect the restrictions they impose. For AJAX and HTTP request methods that can modify data (usually HTTP methods other than GET, or for POST usage with certain MIME types), the specification mandates that browsers "preflight" the request, soliciting supported methods from the server with an HTTP OPTIONS request header, and then, upon "approval" from the server, sending the actual request with the actual HTTP request method. Servers can also notify clients whether "credentials" (including Cookies and HTTP Authentication data) should be sent with requests.
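An added example, not part of the original question or answer: a simplified model of the browser-side decision the answer describes, showing why the form-encoded POST from the question reaches the server even though script is then refused the response. It goes slightly beyond the question's case by also covering a preflighted JSON POST. The function and field names are hypothetical, and it assumes the server returns the same Access-Control-Allow-Origin value on the preflight and the real response and accepts the requested method and headers.

```javascript
// Added example, not from the original post. Simplified from the Fetch
// standard's CORS rules; function and field names are hypothetical.
const SAFE_METHODS = new Set(["GET", "HEAD", "POST"]);
const SAFE_HEADERS = new Set(["accept", "accept-language", "content-language", "content-type"]);
const SAFE_CONTENT_TYPES = new Set([
  "application/x-www-form-urlencoded", "multipart/form-data", "text/plain",
]);

// True when the browser must send an OPTIONS preflight before the real request.
function needsPreflight(method, headers = {}) {
  if (!SAFE_METHODS.has(method.toUpperCase())) return true;
  for (const [name, value] of Object.entries(headers)) {
    const lower = name.toLowerCase();
    if (!SAFE_HEADERS.has(lower)) return true;
    if (lower === "content-type") {
      const mime = String(value).split(";")[0].trim().toLowerCase();
      if (!SAFE_CONTENT_TYPES.has(mime)) return true;
    }
  }
  return false;
}

// Does an Access-Control-Allow-Origin value (undefined = header absent) admit this origin?
function originAllowed(origin, allowOrigin) {
  return allowOrigin === "*" || (allowOrigin !== undefined && allowOrigin === origin);
}

// Outcome of a cross-origin XHR as the browser would handle it.
function crossOriginOutcome(request, allowOrigin) {
  const permitted = originAllowed(request.origin, allowOrigin);
  if (needsPreflight(request.method, request.headers) && !permitted) {
    // Preflight fails: the real request is never sent.
    return { reachedServer: false, scriptCanRead: false };
  }
  // Simple request: sent immediately and handled by the server; only
  // afterwards does the browser decide whether script may see the response.
  return { reachedServer: true, scriptCanRead: permitted };
}

// Constructed inputs mirroring the question: page opened from disk (Origin "null"),
// server sends no Access-Control-Allow-Origin header.
const formPost = { origin: "null", method: "POST",
  headers: { "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8" } };
const jsonPost = { origin: "null", method: "POST",
  headers: { "Content-Type": "application/json" } };

console.log(crossOriginOutcome(formPost, undefined)); // { reachedServer: true, scriptCanRead: false }
console.log(crossOriginOutcome(jsonPost, undefined)); // { reachedServer: false, scriptCanRead: false }
```

Because the simple POST reaches the controller whatever the CORS outcome, any restriction on who may trigger MailOpen has to be enforced by the server itself (authentication, an anti-forgery token, or an Origin check), not by the CORS configuration.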
