Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
214 views
in Technique[技术] by (71.8m points)

jquery - cross domain ajax form post --- How is this allowed?

I am using jQuery and jQuery form plugin

There is a method in jQuery form plugin ajaxSubmit. You pass a form and then it submits it via ajax and you get a response. I am wondering how this is possible since the form is on a different server than the web page. (Different domains). It appears to work and I get back a response that I can process. How does this work?

domain form is hosted on (http://example.com)

form url: 127.0.0.1

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
        "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
    <title>PHP Point Of Sale</title>
    <script src="<?php echo base_url('/assets/js/jquery.js'.'?'.APPLICATION_VERSION); ?>"></script>
    <script src="<?php echo base_url('js/jquery.form.js'.'?'.APPLICATION_VERSION); ?>"></script>
</head>

<body>

    <form id="formCheckout" method="post" action="<?php echo $form_url; ?>">
        <?php foreach($post_data as $key=>$value) { ?>
            <?php echo form_hidden($key, $value);?>
                <?php } ?>
    </form>

    <script>
        $("#formCheckout").ajaxSubmit({
            success: function(response) {
                console.log(response);
            }
        });
    </script>
</body>

</html>
See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

If the server has a response header of 'Access-Control-Allow-Origin': '*' or something similar, it will return a response.

In short, this has nothing to do with jQuery, and has everything to do with the server.

In the case above, * is a wildcard representing all origins. But it could also specify a list of origins.

Keep in mind, even in CORS requests, you can always send a request to the server, and the server will always receive it. It will only return a response though if it wants to (in this case, with the access control header, it will.)

If the server didn't have that header, then you'll get the common error in the console saying that XMLHTTPRequest could not complete because the server does not allow cross-origin communication or whatever the heck it says.

It depends on the architecture the server is using, but if it's a Node.js server using Express (for example), you'd see something like this is the server.js file or wherever:

app.use(function(req, res) { res.header('Access-Control-Allow-Origin', '*') });

The approach would be vastly different on different sever architectures (like Apache), but the header is standardized as part of HTTP, so that part stays the same.

See AJAX Cross Domain for an example.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

1.4m articles

1.4m replys

5 comments

57.0k users

...