获取POST的跨站点JSON响应的最佳实践?

时间:2022-01-19 11:19:35

I'm working on an intranet with several subdomains. I have control over each subdomain, so security of cross-site requests is not a concern. I have PHP scripts with JSON responses I'd like to call from multiple subdomains without duplication. For GET requests, I can do this with AJAX and JSONP, but that doesn't work with POST requests. Some alternatives I see, none of which seem very good:

我正在使用具有多个子域的Intranet。我可以控制每个子域,因此跨站点请求的安全性不是问题。我有带有JSON响应的PHP脚本我想从多个子域调用而不重复。对于GET请求,我可以使用AJAX和JSONP执行此操作,但这不适用于POST请求。我看到一些替代方案,其中没有一个看起来非常好:

  • POST to a copy on local subdomain with minimal response, then GET full response from central location with JSONP
  • 以最小的响应POST到本地子域的副本,然后使用JSONP从中心位置获取完整响应
  • Both POST and GET to a copy on local subdomain with JSON
  • POST和GET都是使用JSON在本地子域上的副本
  • Use mod_rewrite to use local URLs with a central script on back end with JSON
  • 使用mod_rewrite在后端使用带有JSON的*脚本的本地URL
  • Use symlinks to use local URLs with a central script on back end with JSON
  • 使用符号链接使用带有JSON的后端*脚本的本地URL

Am I missing something simpler? What would you do here?

我错过了一些简单的东西吗?你会在这做什么?

4 个解决方案

#1


2  

just look at this https://developer.mozilla.org/En/HTTP_access_control page. All what you need - add header to all you scripts that accept post request. Example:

只需看看这个https://developer.mozilla.org/En/HTTP_access_control页面。您需要的所有内容 - 为接受发布请求的所有脚本添加标头。例:

#2


2  

You could write a simple reflector at the server side. Add a script to each domain that simply passes your ajax request on to the appropriate domain. This script can be very simple (1 or 2 lines of code), avoids your cross site scripting issues and means you don't need to duplicate the complicated business logic in your existing scripts.

您可以在服务器端编写一个简单的反射器。向每个域添加一个脚本,只需将您的ajax请求传递到相应的域即可。此脚本可以非常简单(1或2行代码),避免了跨站点脚本问题,并且意味着您不需要在现有脚本中复制复杂的业务逻辑。

It will cause extra work for your server, but that may not be a problem for you.

它会为您的服务器带来额外的工作,但这对您来说可能不是问题。

The closest example code I can find on the sites I manage is the following. Here we needed to be able to use Googles Chart API on an HTTPS connection (which it does not support yet). The solution was to add the following script that passed the calls on...

我可以在我管理的网站上找到的最接近的示例代码如下。在这里,我们需要能够在HTTPS连接上使用Googles Chart API(它还不支持)。解决方案是添加以下脚本来传递调用...

<?php
// Set header so our output looks like a PNG
header("Content-Type: image/png");

// Reflect the image from googles chart API
echo file_get_contents('http://chart.apis.google.com/chart?'.$_SERVER['QUERY_STRING']);
?>

#3


0  

I use REST approach in such cases. Search google for more information about REST.

在这种情况下我使用REST方法。搜索谷歌有关REST的更多信息。

#4


0  

If they're all subdomains of the the same domain, you can just add this code to every page:

如果它们都是同一个域的子域,您只需将此代码添加到每个页面:

document.domain = 'domain.com';

Then, just use plain xmlHttpRequest.

然后,只使用普通的xmlHttpRequest。

#1


2  

just look at this https://developer.mozilla.org/En/HTTP_access_control page. All what you need - add header to all you scripts that accept post request. Example:

只需看看这个https://developer.mozilla.org/En/HTTP_access_control页面。您需要的所有内容 - 为接受发布请求的所有脚本添加标头。例:

#2


2  

You could write a simple reflector at the server side. Add a script to each domain that simply passes your ajax request on to the appropriate domain. This script can be very simple (1 or 2 lines of code), avoids your cross site scripting issues and means you don't need to duplicate the complicated business logic in your existing scripts.

您可以在服务器端编写一个简单的反射器。向每个域添加一个脚本,只需将您的ajax请求传递到相应的域即可。此脚本可以非常简单(1或2行代码),避免了跨站点脚本问题,并且意味着您不需要在现有脚本中复制复杂的业务逻辑。

It will cause extra work for your server, but that may not be a problem for you.

它会为您的服务器带来额外的工作,但这对您来说可能不是问题。

The closest example code I can find on the sites I manage is the following. Here we needed to be able to use Googles Chart API on an HTTPS connection (which it does not support yet). The solution was to add the following script that passed the calls on...

我可以在我管理的网站上找到的最接近的示例代码如下。在这里,我们需要能够在HTTPS连接上使用Googles Chart API(它还不支持)。解决方案是添加以下脚本来传递调用...

<?php
// Set header so our output looks like a PNG
header("Content-Type: image/png");

// Reflect the image from googles chart API
echo file_get_contents('http://chart.apis.google.com/chart?'.$_SERVER['QUERY_STRING']);
?>

#3


0  

I use REST approach in such cases. Search google for more information about REST.

在这种情况下我使用REST方法。搜索谷歌有关REST的更多信息。

#4


0  

If they're all subdomains of the the same domain, you can just add this code to every page:

如果它们都是同一个域的子域,您只需将此代码添加到每个页面:

document.domain = 'domain.com';

Then, just use plain xmlHttpRequest.

然后,只使用普通的xmlHttpRequest。