PHP 对比 JQuery Web api2
PHP Vs JQuery Web api2
好吧,这里的标题真的很糟糕,但我没有其他方式来解释我的服务器发生了什么。
我有一个普通的 web api2,新的。我安装了跨域,只放了
config.EnableCors();在 webapiconfig.
我有一个包含此方法的 MailController :
[HttpPost]//omUrl/{url?}
[Route(@"~/api/Mail/MailOpen")]
public void MailOpen()
{
try
{
File.Create(@"D:\Emails\Alive.html");
}
catch (Exception ex)
{
// ignored
}
}
和 运行 在与此主机的网络上:http://localhost:56212/
所以,我正在尝试 post 一些数据来检查跨域策略,我 post 使用此 php 代码:
<?php
$url = 'http://localhost:56212/api/Mail/MailOpen';
$data = array('Smtp' => 'value1', 'Subject' => 'value2');
// use key 'http' even if you send the request to https://...
$options = array(
'http' => array(
'header' => "Content-type: application/x-www-form-urlencoded\r\n",
'method' => 'POST',
'content' => http_build_query($data),
),
);
$context = stream_context_create($options);
$result = file_get_contents($url, false, $context);
var_dump($result);
?>
此代码到达服务器并创建 Alive.html,等待。这怎么可能我问我自己,我在这个控制器上还没有任何跨域策略?..
所以我尝试 运行 这个 javascript 代码 :
<script>
$.get(
"http://localhost:56212/api/Mail/MailOpen",
{ 'G': "aa94a7cf-7794-41ff-b8d0-fcfe34fcb19c" }, // put your parameters here
function (responseText) {
console.log(responseText);
}
);
</script>
应该做同样的事情..但我得到这个错误:
jquery-1.11.2.min.js:4 GET http://localhost:56212/api/Mail/MailOpen?G=aa94a7cf-7794-41ff-b8d0-fcfe34fcb19c m.ajaxTransport.send @ jquery-1.11.2.min.js:4m.extend.ajax @ jquery-1.11.2.min.js:4m.each.m.(anonymous function) @ jquery-1.11.2.min.js:4m.extend.getJSON @ jquery-1.11.2.min.js:4(anonymous function) @ index.html:6
index.html:1 XMLHttpRequest cannot load http://localhost:56212/api/Mail/MailOpen?G=aa94a7cf-7794-41ff-b8d0-fcfe34fcb19c. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access. The response had HTTP status code 405.
这很正常,因为我还没有任何政策。
谁能告诉我为什么 php 有效而 jQuery return 出错?
全部。]
编辑:
嗯,这更糟糕..我刚刚看到我正在尝试使用 GET 到 post。
所以我将我的请求更改为 post,服务器接受了它并且成功了,它甚至创建了文件,但是给我一个错误 index.html:1 XMLHttpRequest cannot load http://localhost:56212/api/Mail/MailOpen. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access.
怎么会报错还能正常工作呢?
更好的是,这到底是怎么回事!?
CORS 是一种特定于浏览器的安全机制。您的 PHP 不是典型的 Web 浏览器,不需要强制执行 CORS 策略。
来自维基百科:
The CORS standard describes new HTTP headers which provide browsers and servers a way to request remote URLs only when they have permission. Although some validation and authorization can be performed by the server, it is generally the browser's responsibility to support these headers and respect the restrictions they impose.
For AJAX and HTTP request methods that can modify data (usually HTTP methods other than GET, or for POST usage with certain MIME types), the specification mandates that browsers "preflight" the request, soliciting supported methods from the server with an HTTP OPTIONS request header, and then, upon "approval" from the server, sending the actual request with the actual HTTP request method. Servers can also notify clients whether "credentials" (including Cookies and HTTP Authentication data) should be sent with requests.
好吧,这里的标题真的很糟糕,但我没有其他方式来解释我的服务器发生了什么。
我有一个普通的 web api2,新的。我安装了跨域,只放了
config.EnableCors();在 webapiconfig.
我有一个包含此方法的 MailController :
[HttpPost]//omUrl/{url?}
[Route(@"~/api/Mail/MailOpen")]
public void MailOpen()
{
try
{
File.Create(@"D:\Emails\Alive.html");
}
catch (Exception ex)
{
// ignored
}
}
和 运行 在与此主机的网络上:http://localhost:56212/
所以,我正在尝试 post 一些数据来检查跨域策略,我 post 使用此 php 代码:
<?php
$url = 'http://localhost:56212/api/Mail/MailOpen';
$data = array('Smtp' => 'value1', 'Subject' => 'value2');
// use key 'http' even if you send the request to https://...
$options = array(
'http' => array(
'header' => "Content-type: application/x-www-form-urlencoded\r\n",
'method' => 'POST',
'content' => http_build_query($data),
),
);
$context = stream_context_create($options);
$result = file_get_contents($url, false, $context);
var_dump($result);
?>
此代码到达服务器并创建 Alive.html,等待。这怎么可能我问我自己,我在这个控制器上还没有任何跨域策略?..
所以我尝试 运行 这个 javascript 代码 :
<script>
$.get(
"http://localhost:56212/api/Mail/MailOpen",
{ 'G': "aa94a7cf-7794-41ff-b8d0-fcfe34fcb19c" }, // put your parameters here
function (responseText) {
console.log(responseText);
}
);
</script>
应该做同样的事情..但我得到这个错误:
jquery-1.11.2.min.js:4 GET http://localhost:56212/api/Mail/MailOpen?G=aa94a7cf-7794-41ff-b8d0-fcfe34fcb19c m.ajaxTransport.send @ jquery-1.11.2.min.js:4m.extend.ajax @ jquery-1.11.2.min.js:4m.each.m.(anonymous function) @ jquery-1.11.2.min.js:4m.extend.getJSON @ jquery-1.11.2.min.js:4(anonymous function) @ index.html:6 index.html:1 XMLHttpRequest cannot load http://localhost:56212/api/Mail/MailOpen?G=aa94a7cf-7794-41ff-b8d0-fcfe34fcb19c. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access. The response had HTTP status code 405.
这很正常,因为我还没有任何政策。
谁能告诉我为什么 php 有效而 jQuery return 出错?
全部。]
编辑:
嗯,这更糟糕..我刚刚看到我正在尝试使用 GET 到 post。
所以我将我的请求更改为 post,服务器接受了它并且成功了,它甚至创建了文件,但是给我一个错误 index.html:1 XMLHttpRequest cannot load http://localhost:56212/api/Mail/MailOpen. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access.
怎么会报错还能正常工作呢?
更好的是,这到底是怎么回事!?
CORS 是一种特定于浏览器的安全机制。您的 PHP 不是典型的 Web 浏览器,不需要强制执行 CORS 策略。
来自维基百科:
The CORS standard describes new HTTP headers which provide browsers and servers a way to request remote URLs only when they have permission. Although some validation and authorization can be performed by the server, it is generally the browser's responsibility to support these headers and respect the restrictions they impose. For AJAX and HTTP request methods that can modify data (usually HTTP methods other than GET, or for POST usage with certain MIME types), the specification mandates that browsers "preflight" the request, soliciting supported methods from the server with an HTTP OPTIONS request header, and then, upon "approval" from the server, sending the actual request with the actual HTTP request method. Servers can also notify clients whether "credentials" (including Cookies and HTTP Authentication data) should be sent with requests.