Javascript：XMLHttpRequest问题与跨源资源共享

本文介绍了Javascript：XMLHttpRequest问题与跨源资源共享的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

我向Google Places API发送JSON请求时使用：

I'm making a JSON request to the Google Places API with:

function load(){ var req = new XMLHttpRequest(); req.open('GET', 'maps.googleapis/maps/api/place/details/json?reference=CnRhAAAARMUGgu2CeASdhvnbS40Y5y5wwMIqXKfL-n90TSsPvtkdYinuMQfA2gZTjFGuQ85AMx8HTV7axABS7XQgFKyzudGd7JgAeY0iFAUsG5Up64R5LviFkKMMAc2yhrZ1lTh9GqcYCOhfk2b7k8RPGAaPxBIQDRhqoKjsWjPJhSb_6u2tIxoUsGJsEjYhdRiKIo6eow2CQFw5W58&sensor=true&key=xxxxxxxxxxxxx', false); req.send(null); if(req.status == 200){ dump(req.responseText); } }

但Chrome正在返回错误：

But Chrome is returning the error:

XMLHttpRequest cannot load maps.googleapis/maps/api/place/details/json?reference=CnRhAAAARMUGgu2CeASdhvnbS40Y5y5wwMIqXKfL-n90TSsPvtkdYinuMQfA2gZTjFGuQ85AMx8HTV7axABS7XQgFKyzudGd7JgAeY0iFAUsG5Up64R5LviFkKMMAc2yhrZ1lTh9GqcYCOhfk2b7k8RPGAaPxBIQDRhqoKjsWjPJhSb_6u2tIxoUsGJsEjYhdRiKIo6eow2CQFw5W58&sensor=true&key=xxxxxxxxxxxxxx. Origin sandrayoon is not allowed by Access-Control-Allow-Origin.

有没有办法防止或规避跨源资源共享？我不太熟悉此安全问题。

Is there a way to prevent or circumvent cross-origin resource sharing? I am not very familiar with this security issue.

推荐答案

服务器应该使用Access-Control-Allow-Origin命令让浏览器将此响应传递给javascript。您也可以设置*以允许任何跨域请求。

Server should response with "Access-Control-Allow-Origin" header in order to let the browser to pass this response to javascript. You can also set "*" to allow any cross-domain requests.

这是一个很好的介绍主题。

Here is a good intro to the subject.