问题描述
我有一个带有iFrame的外部HTML文档(subdomain1.server-a.de)和一个内部HTML文档(subdomain2.server-a.de).内部脚本应发送&接收对subdomain2.server-a.de的AJAX请求.我已经将两个文档的document.domain-value都设置为"server-a.de"-到目前为止,效果很好,在所有经过测试的浏览器(FF/Chrome/Opera)中都可以正常运行.现在,我将脚本移动到具有相同子域的server-b.de,并将两个文档上的document.domain都设置为"server-b.de".在FF和Chrome中仍然可以使用,但是Opera在尝试从外部文档调用我的AJAX函数时给了我一个安全错误:试图读取保护变量:xy".
到目前为止,我的结论是:我不能违反相同的域策略,因为那样FF和Chrome都不会从外部与内部文档进行通信.我还尝试了在Opera中重点关注跨域Ajax a>具有间隔功能,同样存在问题.
非常感谢每个提示.
更新:我已经为此建立了一个测试站点.如果您访问此网站,您会看到它甚至在Opera中也可以使用(对话框几秒钟后弹出测试已调用".现在,如果您将外框文件"operatest.html"和jquery复制到另一台服务器上-因此在我的情况下它必须可以工作-您会看到FF和Chrome没问题,但是Opera却有问题. /p>
Opera是否在比较服务器详细信息以实现相同的原产地政策?如果两个子域的IP地址不匹配,还是拒绝访问?
在父级和不同子域上的iframe之间进行JS调用时,存在同样荒唐的问题-可以在所有地方使用,但在Opera下失败,出现上述错误. >
删除〜/.opera文件夹(Linux中的Opera设置文件夹)解决了这个问题,这是另一个非常奇怪的问题.
干杯.
I have a outer HTML-document (subdomain1.server-a.de) with an iFrame and inner HTML-document (subdomain2.server-a.de). The inner script should send & receive AJAX-requests to subdomain2.server-a.de. I've set the document.domain-value for both documents to "server-a.de" - so far, so good, works well in all tested browsers (FF/Chrome/Opera). Now I move the scripts to server-b.de with same subdomains and set the document.domain on both documents to "server-b.de". That still works in FF and Chrome, but Opera gives me a "Security error: attempted to read protected variable: xy" when trying to call my AJAX function from the outer document.
My conclusion so far: I can't violate the same domain policy, because then FF and Chrome wouldn't communicate with the inner document from outside either. I've also tried the solution from Focus with Cross-domain Ajax in Opera with the interval function, same issue.
Thanks a lot in advance for every hint.
UPDATE: I have set up a testing site for this. If you go to this site, you'll see, it works even with Opera (a dialog pops up with "Test called" after a few seconds). Now, if you copy the outer frame files "operatest.html" and jquery to another server - so it has to work in my case - you'll see, that FF and Chrome don't have a problem, but Opera has.
Is Opera comparing server details in order to fulfill the same origin policy? Or will it deny access, if ip adresses of both subdomains don't match?
Had the same absurd issue with JS calls between parent and an iframe on a different subdomain - worked everywhere, but failed under Opera with the above mentioned error.
Removing ~/.opera folder (Opera settings folder in Linux) solved this, and another one very weird problem.
Cheers.
这篇关于从服务器A移到服务器B之后,Opera 11.01的JS安全问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!