跨域实现的方法有好多种:

JSONP

cores

document.domain

window.postMessage()


今天主要分析的是Cores的实现---------------------------------------------------------

cores---Cross-Orgin Resource Sharing,使用自定义的HTTP头部,让服务器声明那些来源是可以通过浏览器访问该服务器上的资源,从而决定请求是成功还是失败。

客户端:

<inputtype="button"value="测试开始"onclick="crossDomainRequest()"/><divid="content"></div><script>varcontent=document.getElementById('content');functioncrossDomainRequest(){content.innerHTML='请求开始';varurl='http://——————————————————';//创建ajax对象if(window.XMLHttpRequest){varxhr=newXMLHttpRequest();}else{varxhr=newActiveXObject("Microsoft.XMLHTTP");}if(xhr){//建立连接xhr.open('GET',url,true);//发送请求xhr.send();//预检请求xhr.setRequestHeader("POWERED-BY-MENGXIANHUI","Approve");xhr.setRequestHeader("Content-Type","application/xml");//带验证信息请求xhr.withCredentials="true";xhr.onreadystatechange=handler;}else{content.innerHTML='不能创建XHR对象';}}functionhandler(xhr){if(xhr.readyState==4){if(xhr.status==200){varresponse=xhr.responseText;content.innerHTML="请求结果"+response;}else{content.innerHTML="不允许跨域请求";}}else{content.innerHTML="readyState="+xhr.readyState;}}</script>


服务器端:

protectedvoidPage_Load(objectsender,EventArgse){if(Request.HttpMethod.Equals("GET")){Response.Write("这个页面是用来测试跨域POST请求的,直接浏览意义不大。");}elseif(Request.HttpMethod.Equals("OPTIONS")){//通知客户端允许预检请求。并设置缓存时间Response.ClearContent();Response.AddHeader("Access-Control-Allow-Origin","你的地址");Response.AddHeader("Access-Control-Allow-Methods","POST,GET,OPTIONS");Response.AddHeader("Access-Control-Allow-Headers","POWERED-BY-MENGXIANHUI");Response.AddHeader("Access-Control-Max-Age","30");//此过程无需返回数据Response.End();}elseif(Request.HttpMethod.Equals("POST")){if(Request.Headers["Origin"].Equals("你的地址")){System.Xml.XmlDocumentdoc=newSystem.Xml.XmlDocument();doc.Load(Request.InputStream);Response.AddHeader("Access-Control-Allow-Origin","http://你的地址");Response.Write("您提交的数据是:<br/><br/>"+Server.HtmlEncode(doc.OuterXml));}else{Response.Write("不允许你的网站请求。");}}}

Access-Control-Allow-Origin //判断来源

setRequestHeader() //预检请求

withCredentials //带验证信息请求