问题
Use Case: I am working on an image uploader which uses ajax upload function.I want to upload images to a subdomain user creates on the website.For example,when the user creates a domain on the website I copy a php script for uploading images to the new domain viz image-cropping.php.I want to send a request to this file when the user uploads any image to his domain.
Issue:
When I try to upload an image I get Error: Permission denied to access property 'readyState'.My calling js file is on xyz.google.com and the upload php script is on abc.google.com.
Research
After doing some googling and research I learnt javascript won't allow to send request cross domain and it needs a http proxy to handle this.Here is the code I have tried.The script to run the ajax uploader.In action I have the path to file on other domain(the path is built dynamically).
new AjaxUpload(btnUpload, {
action: 'includes/modules/domain_creation/proxy.php',
name: 'image',
onSubmit: function(file, ext){
if (! (ext && /^(jpg|png|jpeg|gif|JPG|JPEG|PNG|GIF)$/.test(ext))){
alert('Only JPG, PNG or GIF files are allowed');
return false;
}
$('#thumbImg').html('<img src="http://localhost/gobiggi_VS_2_2/images/appImages/imageLoader.png" />');
},
1) Am I doing it in the right way(working on it for first time)?Is the proxy actually needed?
2)How and where can I set the proxy so that the error permission can be negotiated?
3)What security issues does it open up(Is it safe?If not what's an alternative)?Any pointers or suggestions would be helpful for me.
Thank you for your time.
Update:
I am using this proxy script for uploading the image.Part of the code is
$domainUsername = $_SESSION['domainUsername'];
$domainNameWeb = $_SESSION['domainName'];
//$fileParameterProxy = $_FILES['image'];
//Destination URL: Where this proxy leads to the upload script
$destinationURL = 'http://www.'.$domainNameWeb.'/'.$domainUsername.'/upload.php';
//The only domain from which requests are authorized.
$RequestDomain = 'abc.net';
Now I don't get the Error for permission but I am not able to get the image on to the server.When I try to do print_r($_FILES) I get a blank array on my upload script.
I believe I am missing something!!Can someone please correct?
Thank you for your time!
回答1:
1 and 2) You have to set your proxy as action, because that is the place where you are allowed to upload the files. The proxy then will do the request to the other domain, where it can send the files to.
3) Depends on your proxy implementation. You should avoid to store the files locally or execute/include anything from user input, like always when writing php scripts. Directly send the tmp file to your destination server, this will also be the fastest implementation.
来源:https://stackoverflow.com/questions/14832334/create-a-http-proxy-in-php-for-uploading-images-using-iframe