同源策略,Javascript / jQuery AJAX和检索RSS XML提要

时间:2022-04-06 01:05:22

I came across a problem using jQuery to retrieve an RSS feed located on an external domain. It was working in Safari but other browsers would error because of Same Origin Policy restrictions (which are also documented about the $.ajax() function).

我遇到了一个问题,使用jQuery来检索位于外部域的RSS源。它在Safari中工作,但由于同源策略限制(其中也记录了$ .ajax()函数),其他浏览器会出错。

Wanna know how I fixed it?

想知道我是怎么修的吗?

2 个解决方案

#1

3  

There are three ways to get around the Same-Origin Policy:

有三种方法可以绕过同源政策:

  1. Proxy -- as Strawberry Sheurbert did, perfectly effective but a waste of bandwidth and computing power
  2. 代理 - 正如草莓Sheurbert所做的那样,完全有效但却浪费了带宽和计算能力
  3. JSONP -- loading the data through the script tag. Needs cooperation from source website and basically hackish and clumsy.
  4. JSONP - 通过脚本标记加载数据。需要源网站的合作,基本上是hackish和笨拙。
  5. CORS -- the "right" way, elegant and nuanced, but needs a lot of cooperation from source website and doesn't work with older browsers.
  6. CORS - “正确”的方式,优雅而细致,但需要源网站的大量合作,不适用于旧浏览器。

You pays your money and you takes your chance.

你支付你的钱,你抓住机会。

#2

-2  

I made a simple PHP script like so:

我做了一个简单的PHP脚本,如下所示:

<?php

/*
    fetch.php fixes this issue: http://en.wikipedia.org/wiki/Same_origin_policy

    Read more:
        *   http://api.jquery.com/jQuery.ajax/
        *   http://*.com/questions/3595515/xmlhttprequest-error-origin-null-is-not-allowed-by-access-control-allow-origin
        *   http://*.com/questions/1653308/access-control-allow-origin-multiple-origin-domains
*/

// Requires URL
if ( !isset($_REQUEST['url']) || empty($_REQUEST['url']) ) exit( 'No url specified' );

// Set content-type
$type = 'application/rss+xml; charset=utf-8;';
if ( isset($_REQUEST['type']) && !empty($_REQUEST['type']) ) {
    $type = urldecode($_REQUEST['type']);
}

// Adapted from http://www.howtogeek.com/howto/programming/php-get-the-contents-of-a-web-page-rss-feed-or-xml-file-into-a-string-variable/
function get_url_contents( $url ){
    if ( function_exists('curl_init') ) {
        $crl = curl_init();
        $timeout = 5;
        curl_setopt ($crl, CURLOPT_URL, $url);
        curl_setopt ($crl, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt ($crl, CURLOPT_CONNECTTIMEOUT, $timeout);
        $ret = curl_exec($crl);
        curl_close($crl);
        return $ret;
    } else {
        return file_get_contents( $url );
    }
    return 'Could not retrieve url';
}

// Output content from url
header( 'Content-type: ' . $type );
echo get_url_contents( urldecode($_REQUEST['url']) );


?>

It's pretty rubbish looking, but it works well enough for the moment. I hope it helps.

这看起来非常垃圾,但目前它的效果还不错。我希望它有所帮助。

#1

3  

There are three ways to get around the Same-Origin Policy:

有三种方法可以绕过同源政策:

  1. Proxy -- as Strawberry Sheurbert did, perfectly effective but a waste of bandwidth and computing power
  2. 代理 - 正如草莓Sheurbert所做的那样,完全有效但却浪费了带宽和计算能力
  3. JSONP -- loading the data through the script tag. Needs cooperation from source website and basically hackish and clumsy.
  4. JSONP - 通过脚本标记加载数据。需要源网站的合作,基本上是hackish和笨拙。
  5. CORS -- the "right" way, elegant and nuanced, but needs a lot of cooperation from source website and doesn't work with older browsers.
  6. CORS - “正确”的方式,优雅而细致,但需要源网站的大量合作,不适用于旧浏览器。

You pays your money and you takes your chance.

你支付你的钱,你抓住机会。

#2

-2  

I made a simple PHP script like so:

我做了一个简单的PHP脚本,如下所示:

<?php

/*
    fetch.php fixes this issue: http://en.wikipedia.org/wiki/Same_origin_policy

    Read more:
        *   http://api.jquery.com/jQuery.ajax/
        *   http://*.com/questions/3595515/xmlhttprequest-error-origin-null-is-not-allowed-by-access-control-allow-origin
        *   http://*.com/questions/1653308/access-control-allow-origin-multiple-origin-domains
*/

// Requires URL
if ( !isset($_REQUEST['url']) || empty($_REQUEST['url']) ) exit( 'No url specified' );

// Set content-type
$type = 'application/rss+xml; charset=utf-8;';
if ( isset($_REQUEST['type']) && !empty($_REQUEST['type']) ) {
    $type = urldecode($_REQUEST['type']);
}

// Adapted from http://www.howtogeek.com/howto/programming/php-get-the-contents-of-a-web-page-rss-feed-or-xml-file-into-a-string-variable/
function get_url_contents( $url ){
    if ( function_exists('curl_init') ) {
        $crl = curl_init();
        $timeout = 5;
        curl_setopt ($crl, CURLOPT_URL, $url);
        curl_setopt ($crl, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt ($crl, CURLOPT_CONNECTTIMEOUT, $timeout);
        $ret = curl_exec($crl);
        curl_close($crl);
        return $ret;
    } else {
        return file_get_contents( $url );
    }
    return 'Could not retrieve url';
}

// Output content from url
header( 'Content-type: ' . $type );
echo get_url_contents( urldecode($_REQUEST['url']) );


?>

It's pretty rubbish looking, but it works well enough for the moment. I hope it helps.

这看起来非常垃圾,但目前它的效果还不错。我希望它有所帮助。

标签:

相关文章