我想使用javascript从网站上获取页面。 我有网址:
http://not-my-site.com/random
从'随机'我将被重定向到网站上的另一个(随机)页面 邮差做我喜欢的一切:)它是整页(html)。但是我如何从javascript中做同样的事情呢? 我按照本指南http://www.html5rocks.com/en/tutorials/cors/尝试了CORS alredy,但没有成功。我仍然只是得到一个错误:
XMLHttpRequest cannot load http://not-my-site.com/random.
No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access.
教程中的代码:
function createCORSRequest(method, url) {
var xhr = new XMLHttpRequest();
if ("withCredentials" in xhr) {
// Check if the XMLHttpRequest object has a "withCredentials" property.
// "withCredentials" only exists on XMLHTTPRequest2 objects.
xhr.open(method, url, true);
} else if (typeof XDomainRequest != "undefined") {
// Otherwise, check if XDomainRequest.
// XDomainRequest only exists in IE, and is IE's way of making CORS requests.
xhr = new XDomainRequest();
xhr.open(method, url);
} else {
// Otherwise, CORS is not supported by the browser.
xhr = null;
}
return xhr;
}
var xhr = createCORSRequest('GET', 'http://not-my-site.com/random');
if (!xhr) {
throw new Error('CORS not supported');
}
xhr.onload = function() {
var responseText = xhr.responseText;
console.log(responseText);
// process the response.
};
xhr.onerror = function() {
console.log('There was an error!');
};
xhr.send();
我也尝试过这样的常见xhr(得到了同样的错误):
var xhr = new XMLHttpRequest();
xhr.open('GET', 'http://not-my-site.com/random', true);
xhr.send();
答案 0 :(得分:0)
这似乎是在服务器上未正确配置CORS的问题。以下PHP代码应允许来自任何域的任何请求。 (如果你不使用PHP,那么将下面的代码转换成任何其他语言应该很容易,线索就是写入HTTP头。)
请记住在输出任何HTML之前放置此代码。
$origin=isset($_SERVER['HTTP_ORIGIN'])?$_SERVER['HTTP_ORIGIN']:$_SERVER['HTTP_HOST'];
header('Access-Control-Allow-Origin: '.$origin);
header('Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT');
header('Access-Control-Allow-Credentials: true');
header('Access-Control-Allow-Headers: Authorization, X-Requested-With');
header('P3P: CP="NON DSP LAW CUR ADM DEV TAI PSA PSD HIS OUR DEL IND UNI PUR COM NAV INT DEM CNT STA POL HEA PRE LOC IVD SAM IVA OTC"');
header('Access-Control-Max-Age: 1');
接受来自所有域的请求是不安全的。有关更好(但稍微复杂一点)的解决方案,请参阅此处:CORS That Works In IE, Firefox, Chrome And Safari