douniang3866 2010-10-27 16:52
浏览 58
已采纳

同源策略 - JavaScript调用PHP

I know that this is a popular topic, but I've yet to find an answer that's completely comprehensive.

I'm trying to create a simple way for our 'customers' to place a Google Map on their website, which plots the position of our customers (or a subset thereof) on the map. The customers are in a MySQL database which is turned into XML on-the-fly by a PHP script (as per Google's example). This works fine on my website, but when I try it on another website the xmlHTTPRequest is not allowed to look at the PHP as it's on another domain.

I can circumvent this by writing another PHP file on the other domain which simply reads the PHP file on the original domain. But not all our customers will have PHP running on their servers. Is there any way that I can return the XML results from our database using JavaScript?

A couple of points:

  1. The JavaScript that makes the xmlHTTPRequest still sits on our server -- our clients link to it from a script tag. I thought that might be enough, but the 'origin' (according to Chrome, anyway) is still seen as domain#2

  2. This is great: if I use an absolute reference in the xmlHTTPRequest (e.g. request.open('GET', 'http://mydomain.com/api/foo.php', true)) then it will fail in IE, but if I use a relative reference ('/api/foo.php') it will work.

  3. I don't know enough about it, but could I use JSON? I've seen: 'script src="http://..../someData.js?callback=some_func"' but don't know how, I would make 'someData.js' look like JSON? (I'm thinking very much in terms of functions, which probably is incorrect?).

  4. I've tried adding: header("Access-Control-Allow-Origin: *"); to the top of the PHP that outputs the XML, but it's not really doing much that I can tell!

  5. If I do use a PHP wrapper on the client's server, what's the advantage of using a cURL request, rather that simple file_get_contents or fopen?

Sorry, lots of questions, but any guidance would be greatly appreciated.

Massive thanks,

Mat

  • 写回答

3条回答 默认 最新

  • donglang7236 2010-10-27 16:57
    关注

    An easy way around this is to let your PHP script return something like:

    callback_function(YOUR_DATA);
    

    Then in the JS script included on the clients site you dynamically insert a <script> which has src pointing to your PHP script:

    (function() {
        var scriptElement   = document.createElement('script');
        scriptElement.type  = 'text/javascript';
        scriptElement.async = true;
        scriptElement.src   = 'http://example.org/yourScript.php?data=...';
        var container       = document.getElementsByTagName('script')[0];
        container.parentNode.insertBefore(scriptElement, container);
    })();
    

    This technique is called JSONP and should do exactly what you want ;)

    Another way around the problem would be allowing cross-domain XMLHttpRequest in the Content Security Policy. But I think only Firefox 4 supports that right now.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(2条)

报告相同问题?

悬赏问题

  • ¥15 想问一下stata17中这段代码哪里有问题呀
  • ¥15 flink cdc无法实时同步mysql数据
  • ¥100 有人会搭建GPT-J-6B框架吗?有偿
  • ¥15 求差集那个函数有问题,有无佬可以解决
  • ¥15 【提问】基于Invest的水源涵养
  • ¥20 微信网友居然可以通过vx号找到我绑的手机号
  • ¥15 寻一个支付宝扫码远程授权登录的软件助手app
  • ¥15 解riccati方程组
  • ¥15 使用rabbitMQ 消息队列作为url源进行多线程爬取时,总有几个url没有处理的问题。
  • ¥15 Ubuntu在安装序列比对软件STAR时出现报错如何解决