Github API 和 Access-Control-Allow-Origin-前端问题

Github API and Access-Control-Allow-Origin(Github API 和 Access-Control-Allow-Origin)

本文介绍了Github API 和 Access-Control-Allow-Origin的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

这可能是一个简单的(一系列)问题，但我无法理解它.

this probably is a simple (series of) question(s) but I can't wrap my head around it.

我正在尝试从我网站上托管的网络应用程序访问 github api.简而言之，这是代码:

I'm trying to access the github api from a web app hosted on my site. This is the code in a nutshell:

<!DOCTYPE html>
<html>
<head>
  <style>p { color:red; }</style>
  <script src="http://code.jquery.com/jquery-latest.js"></script>
  <script>
  $(document).ready(function () {

$.ajax( {url :'https://api.github.com/repos/janesconference/kievIIPlugins/commits', dataType: "json", cache: false, success: function (data, textStatus, jqXHR)
        {
            var lastCommitSha = data[0].sha;
            $("p").text("Last commit SHA: " + lastCommitSha);
        }
    });
});
  </script>

</head>
<body>
  <p>Ajax request not (yet) executed.</p>

</body>
</html>

如果我将浏览器指向在我的 Dropbox 帐户上上传的这个简单页面一切都好.相反，如果我将浏览器指向在我的网站上上传的这个简单页面，我会得到臭名昭著的 Access-Control-Allow-Origin 异常:

If I point my browser to this simple page uploaded on my dropbox account everything is ok. If, instead, I point my browser to this simple page uploaded on my site, I get the infamous Access-Control-Allow-Origin exception:

XMLHttpRequest cannot load https://api.github.com/repos/janesconference/kievIIPlugins/commits?_=1360060011783. Origin http://bitterspring.net is not allowed by Access-Control-Allow-Origin.

所以，问题:

为什么它可以在 Dropbox 上运行?
我了解使用 CORS 甚至可以在网站上使用.这是将 Access-Control-Allow-Origin: *.github.com 放在我的 Apache 配置或类似的东西上的问题.但是，正如 en.wiki 所引用的，

Why does it work on Dropbox?
I understand that with CORS it would work even on the website. This is a matter of putting Access-Control-Allow-Origin: *.github.com on my Apache configuration or something like that. But, as quoted from en.wiki,

但是，这可能不适合涉及安全问题的情况