cross-domain

问题 I'm trying to get a cross domain call to work using JSONP within JQuery. In IE, the alert method never executed. In FF/Safari/Chrome, it's always null. I looked at Fiddler and the result from the WCF method is as I'm expecting, which is: method({"Name":"blah1","Data":"blah2"}); Here's my JavaScript: $.getJSON("http://localhost:5603/MyService/?method=test", null, function (result) { alert("in test: " + result); $("#spText").html(result); }); Here's the WCF method: [OperationContract]

问题 I'm looking for close event for popup. I've found one for XUL, but I need it for HTML. Popup has closed property. >>> var popup = open('http://example.com/', 'popup', 'height=400,width=500'); >>> popup.closed false Well, I can check it once at half second. function open_popup() { var popup = open('http://example.com/', 'popup', 'height=450,width=450'); var timer = setInterval(function(){ if (popup.closed) { alert('popup closed!'); clearInterval(timer); } }, 500); } I've tested it on Chrome 4

问题 I'm looking for close event for popup. I've found one for XUL, but I need it for HTML. Popup has closed property. >>> var popup = open('http://example.com/', 'popup', 'height=400,width=500'); >>> popup.closed false Well, I can check it once at half second. function open_popup() { var popup = open('http://example.com/', 'popup', 'height=450,width=450'); var timer = setInterval(function(){ if (popup.closed) { alert('popup closed!'); clearInterval(timer); } }, 500); } I've tested it on Chrome 4

问题 Some background: I'm developing a web based mobile application using JavaScript. HTML rendering is Safari based. Cross domain policy is disabled, so I can make calls to other domains using XmlHttpRequests. The idea is to parse external HTML and get text content of specific element. In the past I was parsing the text line by line, finding the line I need. Then get the content of the tag which is a substring of that line. This is very troublesome and requires a lot of maintenance each time the

问题 While working on a project to make our site HTML 5 friendly, we were eager to embrace the new method for Cross Domain requests (no more posting through hidden iframes!!!). Using the Access Control specification we begin setting up some tests to verify the behaviour of various browsers. The current Rails RESTful architecture relies on the four HTTP verbs: GET, POST, PUT, DELETE. However in the Access Control spec, it dictates that non-simple methods (PUT, DELETE) require a pre-flight request

问题 Suppose I control two domains, www.api_domain.com and www.website_domain.com . www.api_domain.com offers an API that requires the user to authenticate and then uses a session cookie to recognise the user who is making requests. www.website_domain.com loads a script onto its pages from www.api_domain.com and that script wants to make calls to API URLs on www.api_domain.com with the current user's cookie and use the results in some way on the page from www.website_domain.com . For initially

问题 I am trying to allow access to every subdomain on my site in order to allow cross subdomain AJAX calls. Is there a way to specify all subdomains of a site like *.example.com or alternatively, why does the following not work when I have more than one domain listed: header('Access-Control-Allow-Origin: http://api.example.com http://www.example.com'); I have read through the following question which appears to be similar, if not the same as this one, other than the fact that I want access to

问题 If someone send XHR request from some-client.com to some-rest.com , I want get origin( domain name, not client ip ) of the request with PHP. The possible solutions: Maybe I can use $_SERVER['HTTP_ORIGIN'] but I don't know if it is a standard. I see another header like $_SERVER['HTTP_HOST'] or $_SERVER['SERVER_NAME'] , but some cases this return the real hostname and not the real domain . And $_SERVER['REMOTE_ADDR'] gives the client IP. Whats is the correct way to get origin of request like a

问题 After reading this article I don't have a clear answer: http://palizine.plynt.com/issues/2010Oct/bypass-xss-filters/ Will browsers interpret text/html data URI payload in <img> src as an document where <script> tags are executed? If not then is it safe to allow data URIs in third party HTML? What safety mechanisms exist at the browser level for this use case? 回答1: The MSDN documentation says IE does not: For security reasons, data URIs are restricted to downloaded resources. Data URIs cannot

问题 I have a new site I am working on that is using adsense. It is https://viewing.nyc and very much a work in progress. I have some adsense ads displaying on the site already and they work -- ins the sense that they actually display ads -- but they output a ton of garbage in the Safari console. The message I constantly see is the classic: Blocked a frame with origin "https://googleads.g.doubleclick.net" from accessing a frame with origin "https://viewing.nyc". Protocols, domains, and ports must