使用javascript,我们可以使用XMLHttpRequest创建一个跨源请求。
跨源请求要求请求的主机仅对预先批准的主机发出响应。
从iframe中发出XHR请求时(我们来自主机A的内容向站点C发出请求,但是加载到站点B上的iframe中)。在站点C上必须允许哪些主机/来源才能通过?
答案 0 :(得分:0)
您在问题中所做的事情并不完全清楚,但规则相当简单:请求的来源基于代码运行的窗口。所以,如果该代码是在iframe的窗口中运行,原点是iframe的原点,而不是包含iframe的页面的来源。
所以如果你有:
+−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−+ | [B] Page from http://example1.com | | +−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−+ | Content | | ... | | ... | | +−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−+ | | | [A] http://example2.com | | | +−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−+ | | | Content | | | | ... | | | | ... | | | +−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−+ | +−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−+
...发出请求的代码在iframe(A)中,请求的来源是http://example2.com。