There is no way except to include the authentication cookie value / token in the query string e.g. :
buy.api.example.com/?sessionId=$sessionId&otherparameters=testand set your webservice to check the query string if cookies are not present.
标签:
基于同源策略安全性跨域会有阻止。
服务端指定返回
header("Access-Control-Allow-Origin: 只能指定具体域名不能*");
header("Access-Control-Allow-Credentials: true");
跨域设置cookie开启P3P
header(‘P3P: CP=" CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR "‘);
下面适用于非IE,可以实现跨域
$.ajax({
url:api_url + _url,
data:_params,
dataType:(_type ? "json" : "jsonp"),
type:(_type ? "POST" : "GET"),
crossDomain:true,
xhrFields:{
withCredentials:true
},
success:function(list){
if(list.Result == true){
if (_callback){
var func = TM[_callback];
if (typeof func == "function") {
func(list.Data);
}
}
}else{
if(list.Msg){
alert(list.Msg);
}else{
alert("操作失败");
}
}
},
error:function(){
alert("网络错误,请稍后重试");
}
});
http://www.nczonline.net/blog/2010/05/25/cross-domain-ajax-with-cross-origin-resource-sharing/
IE:针对IE8 IE9
function createCORSRequest(method, url){
var xhr = new XMLHttpRequest();
if ("withCredentials" in xhr){
xhr.open(method, url, true);
} else if (typeof XDomainRequest != "undefined"){
xhr = new XDomainRequest();
xhr.open(method, url);
} else {
xhr = null;
}
return xhr;
}
var request = createCORSRequest("get", "http://www.nczonline.net/");
if (request){
request.onload = function(){
//do something with request.responseText
};
request.send();
}
其他方法:
|
|
There is no way except to include the authentication cookie value / token in the query string e.g. : buy.api.example.com/?sessionId=$sessionId&otherparameters=testand set your webservice to check the query string if cookies are not present. |
标签:
原文地址:http://www.cnblogs.com/timily/p/4190675.html
