我有2域(域A,域B)。
I have 2 domains (domain A, domain B).
在域A放在ZF2应用程序,一切正常。
On domain A is placed ZF2 application, and everything is ok.
在域B放置目标网页(小网站表单收集数据)。
On domain B is placed Landing Page (small site with form to collect data).
从登录页面我要发送表单数据域A(AJAX请求)的应用程序。
From Landing Page I want send form data to application on domain A (AJAX Request).
在域A很遗憾ZF2应用程序没有接收数据,并没有显示出结果。 一切正常,当我把AJAX请求来自同一个域,其中ZF2程序是。
Unfortunatelly ZF2 app on domain A didn't receive data, and didn't show results. Everything is ok when I make AJAX Request from same domain where ZF2 app is.
我试着使用JSONP但没有成功。
I tried use JSONP but without success.
我没有任何其他线索,如何迫使这个工作。
I don't have any other clue how to force this to work.
由于Bodgan的回答说,这是一个浏览器的安全问题,而不是ZF2问题。一种流行的方式来解决它是改变访问控制 - 允许原产地
您的域A的允许从域B的请求这和其他解决方案的讨论Mozilla开发者网络(MDN)页 HTTP访问控制(CORS)。
As Bodgan's answer stated, this is a browser security issue rather than a ZF2 issue. One popular way to get around it is to change the ACCESS-CONTROL-ALLOW-ORIGIN
of your domain A to allow requests from domain B. This and other solutions are discussed on the Mozilla Developer Network (MDN) page for HTTP access control (CORS).
基本上你需要告诉接收服务器(域A),它是好的,为资源的请求作出回应。您可以在的.htaccess
文件放置在域A下面的Web根目录做一些简单的示例code,表示为域A,它应该响应从所有域资源共享的要求: *
。该MDN给出的链接进入一个更深入的讨论跨域资源共享(CORS)。请记住,有安全隐患,而且在大多数情况下,你不希望从打开你的服务器的请求 *
的起源,而是由自己控制的特定主机
Basically you need to indicate to the receiving server (domain A) that it is okay to respond to requests for resources. You can do this within a .htaccess
file placed in the web root of domain A. Below is some simple sample code that indicates to domain A that it should respond to resource sharing requests from all domains: *
. The MDN article linked to above goes into a more in-depth discussion of "Cross-Origin Resource Sharing (CORS)". Keep in mind that there are security implications, and in most scenarios you do not want to open up your server to requests from *
origins, but rather to a specific host controlled by yourself.
Options +FollowSymlinks
RewriteEngine on
Header add Access-Control-Allow-Origin "*"
Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type"
Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"