我需要从Chrome上运行的Web应用程序发送多部分表单POST请求。 这适用于以下代码:
<form method="post" action="http://localhost:999/some/path" target="iframeId" id="mainForm"> ... </form> <iframe id="iframeId" name="iframeId" width="100%"></iframe>我想手动创建多部分请求有效负载,因为要提交的文件需要先加密。
var boundary = "---------------------------7da24f2e50046"; var body = '--' + boundary + '\r\n' + 'Content-Disposition: form-data; name="file";' + 'filename="temp.bin"\r\n' + 'Content-type: application/octet-stream\r\n\r\n' + body + '\r\n' + boundary + '--'; $.ajax({ contentType: "multipart/form-data", data: body, type: "POST", url: "http://localhost:999/some/path", success: function (data, status) { alert('done'); } });当我运行此代码时,我收到以下错误:
XMLHttpRequest无法加载localhost:999 / some / path。 请求的资源上不存在“Access-Control-Allow-Origin”标头。 因此不允许Origin'file://'访问。
为什么将POST的目标设置为iFrame有效,但ajax不会? 有没有办法解决这个问题,能够构建我自己的多部分有效负载?
I need to send a multipart form POST request from my web application running on Chrome. That works well with the following code:
<form method="post" action="http://localhost:999/some/path" target="iframeId" id="mainForm"> ... </form> <iframe id="iframeId" name="iframeId" width="100%"></iframe>I would like to create the multipart request payload manually instead, since the file to be submitted needs to be encrypted first.
var boundary = "---------------------------7da24f2e50046"; var body = '--' + boundary + '\r\n' + 'Content-Disposition: form-data; name="file";' + 'filename="temp.bin"\r\n' + 'Content-type: application/octet-stream\r\n\r\n' + body + '\r\n' + boundary + '--'; $.ajax({ contentType: "multipart/form-data", data: body, type: "POST", url: "http://localhost:999/some/path", success: function (data, status) { alert('done'); } });When I run this code I get the following error:
XMLHttpRequest cannot load localhost:999/some/path. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'file://' is therefore not allowed access.
Why setting the target of the POST to an iFrame works, but an ajax won't? Is there a way to work around this, to be able to build my own multipart payload?
最满意答案
为什么将POST的目标设置为iFrame有效,但ajax不会?
因为Ajax会让触发请求的站点(Mallory网站)上的Alice浏览器中的JavaScript访问Bob的站点的响应(当Alice和Bob应该访问它时,可能会将私有数据泄露给Mallory)。
iframe有其他机制来阻止JS访问数据。
有没有办法解决这个问题,能够构建我自己的多部分有效负载?
几个 。 主要是:
CORS JSONP(不适合POST请求) 让JS向同一服务器发出请求,然后使用服务器端代码中继它Why setting the target of the POST to an iFrame works, but an ajax won't?
Because Ajax would let the JavaScript running in Alice's browser on the site (Mallory's site) that triggered the request access the response from Bob's site (which could leak private data to Mallory when only Alice and Bob should have access to it).
iframes have other mechanisms to prevent JS from accessing the data.
Is there a way to work around this, to be able to build my own multipart payload?
Several. The main ones are:
CORS JSONP (not suitable for POST requests) Having JS make the request to the same server and then relaying it using server side code更多推荐
发布评论