There is no way except to include the authentication cookie value / token in the query string e.g. :
buy.api.example.com/?sessionId=$sessionId&otherparameters=testand set your webservice to check the query string if cookies are not present.
基于同源策略安全性跨域会有阻止。
服务端指定返回
header("Access-Control-Allow-Origin: 只能指定具体域名不能*");
header("Access-Control-Allow-Credentials: true");
跨域设置cookie开启P3P
header(‘P3P: CP=" CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR "‘);
下面适用于非IE,可以实现跨域
$.ajax({ url:api_url + _url, data:_params, dataType:(_type ? "json" : "jsonp"), type:(_type ? "POST" : "GET"), crossDomain:true, xhrFields:{ withCredentials:true }, success:function(list){ if(list.Result == true){ if (_callback){ var func = TM[_callback]; if (typeof func == "function") { func(list.Data); } } }else{ if(list.Msg){ alert(list.Msg); }else{ alert("操作失败"); } } }, error:function(){ alert("网络错误,请稍后重试"); } });
http://www.nczonline.net/blog/2010/05/25/cross-domain-ajax-with-cross-origin-resource-sharing/
IE:针对IE8 IE9
function createCORSRequest(method, url){
var xhr = new XMLHttpRequest();
if ("withCredentials" in xhr){
xhr.open(method, url, true);
} else if (typeof XDomainRequest != "undefined"){
xhr = new XDomainRequest();
xhr.open(method, url);
} else {
xhr = null;
}
return xhr;
}
var request = createCORSRequest("get", "http://www.nczonline.net/");
if (request){
request.onload = function(){
//do something with request.responseText
};
request.send();
}
其他方法:
|
There is no way except to include the authentication cookie value / token in the query string e.g. : buy.api.example.com/?sessionId=$sessionId&otherparameters=testand set your webservice to check the query string if cookies are not present. |
原文:http://www.cnblogs.com/timily/p/4190675.html