如何在javascript中通过url获取一些页面

时间:2014-12-07 00:45:18

标签: javascript xmlhttprequest cors postman

我想使用javascript从网站上获取页面。 我有网址:

http://not-my-site.com/random

从'随机'我将被重定向到网站上的另一个(随机)页面 邮差做我喜欢的一切:)它是整页(html)。但是我如何从javascript中做同样的事情呢? 我按照本指南http://www.html5rocks.com/en/tutorials/cors/尝试了CORS alredy,但没有成功。我仍然只是得到一个错误:

XMLHttpRequest cannot load http://not-my-site.com/random. 
No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access.

教程中的代码:

function createCORSRequest(method, url) {
  var xhr = new XMLHttpRequest();
  if ("withCredentials" in xhr) {

    // Check if the XMLHttpRequest object has a "withCredentials" property.
    // "withCredentials" only exists on XMLHTTPRequest2 objects.
    xhr.open(method, url, true);

  } else if (typeof XDomainRequest != "undefined") {

    // Otherwise, check if XDomainRequest.
    // XDomainRequest only exists in IE, and is IE's way of making CORS requests.
    xhr = new XDomainRequest();
    xhr.open(method, url);

  } else {

    // Otherwise, CORS is not supported by the browser.
    xhr = null;

  }
  return xhr;
}

var xhr = createCORSRequest('GET', 'http://not-my-site.com/random');
if (!xhr) {
  throw new Error('CORS not supported');
}

xhr.onload = function() {
 var responseText = xhr.responseText;
 console.log(responseText);
 // process the response.
};

xhr.onerror = function() {
  console.log('There was an error!');
};

xhr.send();

我也尝试过这样的常见xhr(得到了同样的错误):

var xhr = new XMLHttpRequest();
xhr.open('GET', 'http://not-my-site.com/random', true);
xhr.send();

1 个答案:

答案 0 :(得分:0)

这似乎是在服务器上未正确配置CORS的问题。以下PHP代码应允许来自任何域的任何请求。 (如果你不使用PHP,那么将下面的代码转换成任何其他语言应该很容易,线索就是写入HTTP头。)

请记住在输出任何HTML之前放置此代码

$origin=isset($_SERVER['HTTP_ORIGIN'])?$_SERVER['HTTP_ORIGIN']:$_SERVER['HTTP_HOST'];
header('Access-Control-Allow-Origin: '.$origin);        
header('Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT');
header('Access-Control-Allow-Credentials: true');
header('Access-Control-Allow-Headers: Authorization, X-Requested-With');
header('P3P: CP="NON DSP LAW CUR ADM DEV TAI PSA PSD HIS OUR DEL IND UNI PUR COM NAV INT DEM CNT STA POL HEA PRE LOC IVD SAM IVA OTC"');
header('Access-Control-Max-Age: 1');

接受来自所有域的请求是不安全的。有关更好(但稍微复杂一点)的解决方案,请参阅此处:CORS That Works In IE, Firefox, Chrome And Safari

相关问题
最新问题