cross-domain

问题 I have backend with POST functionality (so JSONP is not working). Backend sends Access-Control-Allow-Origin: * correctly (jQuery.ajax works successfully). But I cannot send request using Ext.Ajax.request Ext.Ajax.request({ url: 'http://myurl', method: 'POST', cors: true, success: function () { alert('success'); }, failure: function () { alert('failure'); } }); In debug console I see OPTIONS method Where is my mistake? Ext.getVersion() version: "5.0.1.1255" 回答1: I think you will have to set

问题 From what I understand about CORS, this is how it works: I have a site foo.com which serves a page X. X wants to post data to another domain bar.com. If bar.com is CORS enabled (its headers produce Access-Control-Allow-Origin foo.com) then page X can now send data to bar.com. As I understand to get CORS to work it's all about settingit up on bar.com, and has nothing to do with foo.com. It's all about making sure bar.com doesn't accept requests from any old domain. However this really doesn't

问题 Here is my ajax call. $.ajax({ type: "GET", url: "http://example.com/v1/search?keyword=r", dataType: "jsonp", crossDomain: true, success: function (responseString) { alert(responseString); }, error: function (xhr, errorType, exception) { var errorMessage = exception || xhr.statusText; alert(errorMessage); } }); Response from my example url { "response": [{ "attributes": { "type": "enge", "url": "/services/data/v24.0/sobjects/Challenge__c/a0GZ0000005Vvh4MAC" }, "name": "Really", "end_date":

问题 For example i'm on domain1: a.click(function(){ window.win=window.open(domain2,'name'); }); Now i'm on domain2 and i'm closing it. How does window.win will know that user closed that window? Is there any event or property to check via interval? 回答1: There is a property which is not part of any W3C spec. It's called closed and would get accessed like if( window.win.closed ) { // window was closed } I'm not sure about the cross-browser compatibilty for that property. I'm also not sure how this

问题 I'm wondering, in IE & Firefox you're able to setup the browser, to allow cross-domain calls. I can't find any option in chrome for that (actually, there are in general not too much options at all...) are there any about:config like things? Kind Regards --Andy 回答1: No. Sorry. Chrome and Firefox, however do support cross-domain requests via the W3C CORS spec (Cross Origin resource sharing) however the remote host has to enable it. If the remote host supports it explicitly then you don't have

问题 I'm trying to manage sessions in Spring Security without leveraging cookies. The reasoning is - our application is displayed within an iframe from another domain, we need to manage sessions in our application, and Safari restricts cross-domain cookie creation. (context : domainA.com displays domainB.com in an iframe. domainB.com is setting a JSESSIONID cookie to leverage on domainB.com, but since the user's browser is showing domainA.com - Safari restricts domainB.com from creating the cookie

问题 Receiving this message in the console: Refused to display in a frame because it set 'X-Frame-Options' to DENY This happens when the site is being shown in the mobile version, its just a different set of html and assets served up if the user agent is a mobile device. It does display m.facebook.com in the console error message. FB.ui( { method: 'share', href: 'https://www.espn.com/mlb', }, function(response) { if (response && !response.error_code) { console.log('shared_post'); //facebook_post

问题 I'm calling POST on a third-party API that I've been working with via jQuery's $.ajax function. However, when I make the call I get the following error: XMLHttpRequest cannot load http://the-url.com. The request was redirected to 'http://the-url.com/anotherlocation', which is disallowed for cross-origin requests that require preflight. I saw from this post that this might be a Webkit bug, so I tried it in Firefox (I'm developing in Chrome) and I got the same result.I've tried this on Chrome

问题 A while back I ran across an interesting security hole <a href="http://someurl.here" target="_blank">Link</a> Looks innocuous enough, but there's a hole because, by default, the page that's being opened is allowing the opened page to call back into it via window.opener . There are some restrictions, being cross-domain, but there's still some mischief that can be done window.opener.location = 'http://gotcha.badstuff'; Now, HTML has a workaround <a href="http://someurl.here" target="_blank" rel

问题 I need a user to navigate to a certain page that has a certain div full of useful text. Then click my bookmarklet and send the text in that div back to my server, which is different from the current domain. I have successfully inserted jQuery on the bookmarklet click and selected the text. Now I need to figure out a way to send that text cross domain to my server. I tried JSONP with jQuery and my text is too long for the url. My second idea was to open up a new window and load a page from my