Problem description
This probably is a simple (series of) question(s) but I can't wrap my head around it.
I'm trying to access the GitHub API from a web app hosted on my site. This is the code in a nutshell:
<!DOCTYPE html>
<html>
<head>
  <style>p { color:red; }</style>
  <script src="http://code.jquery.com/jquery-latest.js"></script>
  <script>
    $(document).ready(function () {
      $.ajax({
        url: 'https://api.github.com/repos/janesconference/kievIIPlugins/commits',
        dataType: "json",
        // cache: false makes jQuery append a "_=<timestamp>" query parameter
        cache: false,
        success: function (data, textStatus, jqXHR) {
          var lastCommitSha = data[0].sha;
          $("p").text("Last commit SHA: " + lastCommitSha);
        }
      });
    });
  </script>
</head>
<body>
  <p>Ajax request not (yet) executed.</p>
</body>
</html>
If I point my browser to this simple page uploaded on my Dropbox account, everything is OK.
If, instead, I point my browser to this simple page uploaded on my site, I get the infamous Access-Control-Allow-Origin exception:
XMLHttpRequest cannot load https://api.github.com/repos/janesconference/kievIIPlugins/commits?_=1360060011783. Origin http://bitterspring.net is not allowed by Access-Control-Allow-Origin.
So, the questions:
- Why does it work on Dropbox?
- I understand that with CORS it would work even on the website. This is a matter of putting
Access-Control-Allow-Origin: *.github.com
on my Apache configuration or something like that. But, as quoted from en.wiki,
However, this might not be appropriate for situations in which security is a concern
- Is there a way to do this without changing the Apache configuration? Probably, I can't touch the Apache conf of my hosting site, and there is always the security concern. What is the right way to do this?
Recommended answer
In order to get CORS working for your site (e.g. http://example.com), you have to enable it by creating a GitHub OAuth application here: https://github.com/settings/applications
Since you are using a GitHub application to get CORS to work (not using it for enabling OAuth itself), you can just enter your site's URL in all three fields in the "Create Application form":
- Name: http://example.com
- URL: http://example.com
- Callback URL: http://example.com
Note that if you intend to use OAuth functionality, you need to set up the Callback URL differently.
After this, you should be able to send AJAX requests to GitHub APIs from your site http://example.com.
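The browser-side check behind the error quoted in the question, as an added example that is not part of the original question or answer: a simplified model of the Fetch standard's CORS check, which reads `Access-Control-Allow-Origin` from the response of the server being called (here api.github.com) and compares it with the page's origin. The header values are constructed samples, and `corsCheck` and `serializeOrigin` are hypothetical helper names.

```javascript
// Simplified model of the CORS check a browser applies to a cross-origin
// response. Added illustration; the header values below are constructed
// samples, not captured GitHub responses.

function serializeOrigin(pageUrl) {
  // Origin = scheme + host + non-default port; the path never counts.
  return new URL(pageUrl).origin;
}

function corsCheck(pageUrl, responseHeaders, withCredentials = false) {
  const origin = serializeOrigin(pageUrl);
  const allowOrigin = responseHeaders["access-control-allow-origin"];

  if (allowOrigin === undefined) {
    return { readable: false, reason: "no Access-Control-Allow-Origin header" };
  }
  if (!withCredentials && allowOrigin === "*") {
    return { readable: true, reason: "wildcard, request sent without credentials" };
  }
  // Anything other than the bare "*" is compared literally: patterns such as
  // "*.github.com" are not expanded, and only one origin may be listed.
  if (allowOrigin !== origin) {
    return { readable: false, reason: `"${allowOrigin}" does not equal "${origin}"` };
  }
  if (!withCredentials) {
    return { readable: true, reason: "exact origin match" };
  }
  const allowCreds = responseHeaders["access-control-allow-credentials"];
  return allowCreds === "true"
    ? { readable: true, reason: "exact match and credentials allowed" }
    : { readable: false, reason: "credentials sent but not allowed by server" };
}

// Constructed cases: the page origin from the error message checked against
// several possible values of the header on the API's response.
const page = "http://bitterspring.net/index.html";
const cases = [
  {},
  { "access-control-allow-origin": "*.github.com" },
  { "access-control-allow-origin": "http://example.com" },
  { "access-control-allow-origin": "http://bitterspring.net" },
  { "access-control-allow-origin": "*" },
];
for (const headers of cases) {
  console.log(JSON.stringify(headers), "->", corsCheck(page, headers));
}
```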