´ë·«Àû ³»¿ë¸¸ Á¤¸®ÇÕ´Ï´Ù.
°³¿ä
- º¸¾È»ó ¹®Á¦·Î ¾î´À ½Ã±â ºÎÅÍ À¥ ºê¶ó¿ìÀúµéÀÌ AJAX ·Î ¿ÜºÎ host ·Î Á¢¼ÓÇÏ´Â °É ¸·±â ½ÃÀÛÇß½À´Ï´Ù.
- ¿¹¸¦ µé¾î AJAX ·Î http://www.google.com ¿Í °°ÀÌ ¿ÜºÎ host url ·Î Á¢¼ÓÇÏ´Â°Ô ºÒ°¡´É ÇØÁö°í /relative-path/mypage.html °ú °°ÀÌ ÇöÀç host ÀÇ ÇϺΠ°æ·Î·Î¸¸ Á¢±Ù °¡´ÉÇÕ´Ï´Ù.
CORS °¡ ÇÊ¿äÇÑ ½ÃÁ¡
- ±×·¯³ª AJAX ·Î ¿ÜºÎ Á¢±ÙÀÌ ÇÊ¿äÇÑ °æ¿ì¿¡ Response header ¿¡ field ¸¦ Ãß°¡ÇÏ¿© Á¢±Ù Çã¿ë ¹üÀ§¸¦ Á¤ÇÒ ¼ö ÀÖ½À´Ï´Ù
- Header field ¿¡ Access-Control-Allow-Origin ¸¦ Ãß°¡ÇØ ÁÝ´Ï´Ù.
- Access-Control-Allow-Origin: http://www.example-social-network.com
- À§¿Í °°ÀÌ Æ¯Á¤ host ·Î ºÎÅÍ Á¢±ÙÀ» Çã¿ëÇÒ ¼öµµ ÀÖ°í ¾Æ·¡¿Í °°ÀÌ ¸ðµç Á¢±ÙÀ» Çã¿ëÇÒ ¼öµµ ÀÖ½À´Ï´Ù.
- Access-Control-Allow-Origin: *
Å×½ºÆ® ¹æ¹ý
- 2´ëÀÇ PC (IP ÁÖ¼Ò°¡ ´Ù¸¥ 2´ëÀÇ ¼¹ö ȯ°æ) ¿¡ ¼¹ö¸¦ ±¸µ¿ÇÕ´Ï´Ù.
- 192.168.0.2 ¿Í 192.168.0.3 IP ÁÖ¼Ò¸¦ »ç¿ëÇÏ´Â ¼¹ö°¡ ÀÖ´Ù°í °¡Á¤ÇÕ´Ï´Ù.
- 192.168.0.2 ¼¹öÀÇ À¥ ÆäÀÌÁö¿¡ Á¢¼ÓÇؼ AJAX ·Î 192.168.0.3 ¼¹öÀÇ À¥ ÆäÀÌÁö¸¦ Á¢±Ù ÇÏ°Ú½À´Ï´Ù.
192.168.0.2 (Apache tomcat)
ÆÄÀÏ : cors.jsp<%@page contentType="text/html" pageEncoding="UTF-8"%>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>CORS test</title>
<style type="text/css">
#result {border:solid 1px black;}
</style>
<script type="text/javascript">
function $(obj) {
return (obj instanceof String || typeof obj === "string") ? document.getElementById(obj) : obj;
}
function getXMLHttpRequest() {
if (window.ActiveXObject) {
try {
return new ActiveXObject("Msxml2.XMLHTTP");
} catch (e) {
try {
return new ActiveXObject("Microsoft.XMLHTTP");
} catch (e1) {
return null;
}
}
} else if (window.XMLHttpRequest) {
return new XMLHttpRequest();
} else {
return null;
}
}
function action(url) {
var ajax = getXMLHttpRequest();
ajax.onreadystatechange = function() {
switch (ajax.readyState) {
case 1:
case 2:
case 3:
break;
case 4:
if (ajax.status === 200) {
$("result").innerHTML = ajax.responseText.replace(/&/g, "&").replace(/</g, "<").replace(/>/g, ">").replace(/\r/g, "").replace(/\n/g, "<br />");
} else {
$("result").innerHTML = "AJAX request failed with status code: " + ajax.status;
}
break;
}
};
ajax.open("GET", url, true);
ajax.send();
}
</script>
</head>
<body>
<h1>CORS test</h1>
<button onclick="action('http://192.168.0.3/apps/hello.html');return false;">Action</button>
<div id="result">
...
</div>
</body>
</html>
192.168.0.3 (apache + php)
ÆÄÀÏ : apps/hello.html<?php
header('Access-Control-Allow-Origin:*');
?>
<!DOCTYPE html>
<html>
<head>
<title>Hello</title>
</head>
<body>
<h1>Hello</h1>
<p>If you get this message via AJAX request, you are allowed to access me.</p>
</body>
</html>
Å×½ºÆ® °á°ú
- http://192.168.0.2:8080/MyApp/cors.jsp ¿¡ Á¢¼ÓÇؼ Action ¹öÆ°À» ´©¸£¸é 192.168.0.3 ¼¹öÀÇ apps/hello.html ÆÄÀÏ¿¡ Á¢±ÙÇؼ ÇØ´ç ³»¿ëÀ» div ¿¡ Ç¥½ÃÇÕ´Ï´Ù.
- 192.168.0.3 ¼¹öÀÇ apps/hello.html ÀÇ ¾Æ·¡ ºÎºÐÀ» ÁÖ¼® ó¸®ÇÏ¸é ¾Æ·¡¿Í °°ÀÌ ½ÇÆÐÇÒ °ÍÀÔ´Ï´Ù.
//header('Access-Control-Allow-Origin:*');
?>
Firefox ·Î Å×½ºÆ® ÇÏ¿´½À´Ï´Ù.
ÆÁ
JSP ÆäÀÌÁö¿¡ header ¸¦ Ãß°¡ÇÏ·Á¸é ´ÙÀ½°ú °°ÀÌ ÇÒ ¼ö ÀÖ½À´Ï´Ù.
<%
response.addHeader("Access-Control-Allow-Origin", "*");
%>