Geek Answers Handbook

Cross domain for different protocols

Edit: found Ajax answer here using https on http page

How can I bypass single source policies for different protocols?

I found this: https://developer.mozilla.org/en/Same_origin_policy_for_JavaScript

It says http and https are not the same domain. Possible cross-subdomain method e.g.

document.domain = " https://company.com ";

in the caller’s document?

Of course, considering that both sites are located in company.com. The difference is that one uses http and the other https.

Or do I need to use the usual cross-domain methods like JSONP, proxies and CORS?

+5
source share
1

- , JSONP , .

Access-Control-Allow-Origin "*" , ..

PHP , php script (local) PHP URL- ajax.

PHP jQuery - .

, , Header set Access-Control-Allow-Origin "*" !

CSRF , , , /, .

, , , , Header set Access-Control-Allow-Origin "*"

script json .

HTML

<script type="text/javascript">
$.ajax({
 type: 'get',
 url: '/get_cross_domain.php',
 dataType: 'json',
 data: {
   'foo' = 'bar'
 },
 success: function( data ){
     console.log( data );
 }
});
</script>

, .

, .

get_cross_domain.php(cURL)

<?php
//initial output buffer
ob_start();
$ch = curl_init();
$options = array(
    CURLOPT_URL =>  'https://example.com/json_source.js',
    CURLOPT_RETURNTRANSFER => true
);
curl_setopt_array( $ch, $options );
$response = curl_exec( $ch );
curl_close( $ch );
$json = $response;
//send nothing but the json response
ob_start();
header( 'Content-Type: application/json' );
echo $json;
ob_flush();
//discard anything other than our json response.
while( ob_get_level > 0 ){
    ob_end_clean();
}
exit;

cUrl , , ..

get_cross_domain.php(include)

<?php
//requires allow_url_include=1 in php.ini
ob_start();
include( 'https://example.com/json_source.js' );
$json = ob_get_clean();
header( 'Content-Type: application/json' );
echo $json;
exit;
0

More articles:


All Articles