本文介绍了Javascript:XMLHttpRequest问题与跨源资源共享的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我向Google Places API发送JSON请求时使用:
I'm making a JSON request to the Google Places API with:
function load(){ var req = new XMLHttpRequest(); req.open('GET', 'maps.googleapis/maps/api/place/details/json?reference=CnRhAAAARMUGgu2CeASdhvnbS40Y5y5wwMIqXKfL-n90TSsPvtkdYinuMQfA2gZTjFGuQ85AMx8HTV7axABS7XQgFKyzudGd7JgAeY0iFAUsG5Up64R5LviFkKMMAc2yhrZ1lTh9GqcYCOhfk2b7k8RPGAaPxBIQDRhqoKjsWjPJhSb_6u2tIxoUsGJsEjYhdRiKIo6eow2CQFw5W58&sensor=true&key=xxxxxxxxxxxxx', false); req.send(null); if(req.status == 200){ dump(req.responseText); } }但Chrome正在返回错误:
But Chrome is returning the error:
XMLHttpRequest cannot load maps.googleapis/maps/api/place/details/json?reference=CnRhAAAARMUGgu2CeASdhvnbS40Y5y5wwMIqXKfL-n90TSsPvtkdYinuMQfA2gZTjFGuQ85AMx8HTV7axABS7XQgFKyzudGd7JgAeY0iFAUsG5Up64R5LviFkKMMAc2yhrZ1lTh9GqcYCOhfk2b7k8RPGAaPxBIQDRhqoKjsWjPJhSb_6u2tIxoUsGJsEjYhdRiKIo6eow2CQFw5W58&sensor=true&key=xxxxxxxxxxxxxx. Origin sandrayoon is not allowed by Access-Control-Allow-Origin.有没有办法防止或规避跨源资源共享?我不太熟悉此安全问题。
Is there a way to prevent or circumvent cross-origin resource sharing? I am not very familiar with this security issue.
推荐答案服务器应该使用Access-Control-Allow-Origin命令让浏览器将此响应传递给javascript。您也可以设置*以允许任何跨域请求。
Server should response with "Access-Control-Allow-Origin" header in order to let the browser to pass this response to javascript. You can also set "*" to allow any cross-domain requests.
这是一个很好的介绍主题。
Here is a good intro to the subject.
更多推荐
Javascript:XMLHttpRequest问题与跨源资源共享
发布评论