ajax 跨域

引用：http://www.qingniao.it/index.php?title=Jquery%E6%8F%92%E4%BB%B6ajaxfileupload%E7%9A%84%E4%B8%80%E6%AC%A1%E8%B7%A8%E5%9F%9F%E4%BD%93%E9%AA%8C

最近在项目中遇到一个非常棘手的问题，就是在为页面设置了document.domain时，ajaxfileupload出现跨域错误，究其原因是页面的domain被设置为网站根域（如qingniao.it）时，而ajaxfileupload post到的目标页面的域并非根域，而是一个二级的类似test.qingniao.it的域名，因此会引发无权限的错误。

花了2天的时间终于解决这个问题。

修改后的ajaxfileupload关键代码如下：

jQuery.extend({
  createUploadIframe: function(id, uri) {
    //create frame
    var frameId = 'jUploadFrame' + id;
    var iframeHtml = '<iframe id="' + frameId + '" name="' + frameId + '" style="position:absolute; top:-9999px; left:-9999px"';
    if (window.ActiveXObject) {
      if (typeof uri == 'boolean') {
        iframeHtml += ' src="' + 'javascript:false' + '"';
      } else if (typeof uri == 'string') {
        iframeHtml += ' src="' + uri + '"';
      }
    }
    iframeHtml += '></iframe>';
    jQuery(iframeHtml).appendTo(document.body);
    return jQuery('#' + frameId).get(0);
  },
  createUploadForm: function(id, fileElementId, data, crossDomain) {
    //create form 
    var formId = 'jUploadForm' + id;
    var fileId = 'jUploadFile' + id;
    var form = jQuery('<form action="" method="POST" name="' + formId + '" id="' + formId + '" enctype="multipart/form-data"></form>');
    if (data) {
      if(Object.prototype.toString.call( data ) === '[object Array]'){
        for (var i in data) {
          jQuery('<input type="hidden" name="' + data[i].name + '" value="' + data[i].value + '" />').appendTo(form);
        }
      } else {
        for (var i in data) {
          jQuery('<input type="hidden" name="' + i + '" value="' + data[i] + '" />').appendTo(form);
        }
      }
    }
    if(crossDomain) {
      try{document.domain=window.location.hostname.split('.').reverse().slice(0,2).reverse().join('.');}catch(e){}
      jQuery('<input type="hidden" name="callback" />').val("<script type='text/javascript'>try{document.domain=window.location.hostname.split('.').reverse().slice(0,2).reverse().join('.');}catch(e){}</script>").appendTo(form);
    }
    var oldElement = jQuery('#' + fileElementId);
    var newElement = jQuery(oldElement).clone();
    jQuery(oldElement).attr('id', fileId);
    jQuery(oldElement).before(newElement);
    jQuery(oldElement).appendTo(form);
 
    //set attributes
    jQuery(form).css('position', 'absolute');
    jQuery(form).css('top', '-1200px');
    jQuery(form).css('left', '-1200px');
    jQuery(form).appendTo('body');
    return form;
  },
  ajaxFileUpload: function(s) {
    //handle error
    var handleError = function(s, xhr, status, e) {
      // If a local callback was specified, fire it
      if (s.error) s.error(xhr, status, e);
      // Fire the global callback
      if (s.global) jQuery.event.trigger("ajaxError", [xhr, s, e]);
    };
    // TODO introduce global settings, allowing the client to modify them for all requests, not only timeout    
    s = jQuery.extend({},
    jQuery.ajaxSettings, s);
    var id = new Date().getTime();
    var form = jQuery.createUploadForm(id, s.fileElementId, (typeof(s.data) == 'undefined' ? false: s.data), s.crossDomain);
    var io = jQuery.createUploadIframe(id, s.secureuri);
    var frameId = 'jUploadFrame' + id;
    var formId = 'jUploadForm' + id;
    // Watch for a new set of requests
    if (s.global && !jQuery.active++) {
      jQuery.event.trigger("ajaxStart");
    }
    var requestDone = false;
    // Create the request object
    var xml = {};
    if (s.global) jQuery.event.trigger("ajaxSend", [xml, s]);
    // Wait for a response to come back
    var uploadCallback = function(isTimeout) {
      var io = document.getElementById(frameId);
      var execontent = function(){
        try {
          if (io.contentWindow) {
            xml.responseText = io.contentWindow.document.body ? io.contentWindow.document.body.innerHTML: null;
            xml.responseXML = io.contentWindow.document.XMLDocument ? io.contentWindow.document.XMLDocument: io.contentWindow.document;
          } else if (io.contentDocument) {
            xml.responseText = io.contentDocument.document.body ? io.contentDocument.document.body.innerHTML: null;
            xml.responseXML = io.contentDocument.document.XMLDocument ? io.contentDocument.document.XMLDocument: io.contentDocument.document;
          }
        } catch(e) {
          handleError(s, xml, null, e);
        }
        if (xml || isTimeout == "timeout") {
          requestDone = true;
          var status;
          try {
            status = isTimeout != "timeout" ? "success": "error";
            // Make sure that the request was successful or notmodified
            if (status != "error") {
              // process the data (runs the xml through httpData regardless of callback)
              var data = jQuery.uploadHttpData(xml, s.dataType);
              // If a local callback was specified, fire it and pass it the data
              if (s.success) s.success(data, status);
              // Fire the global callback
              if (s.global) jQuery.event.trigger("ajaxSuccess", [xml, s]);
            } else handleError(s, xml, status);
          } catch(e) {
            status = "error";
            handleError(s, xml, status, e);
          }
          // The request was completed
          if (s.global) jQuery.event.trigger("ajaxComplete", [xml, s]);
          // Handle the global AJAX counter
          if (s.global && !--jQuery.active) jQuery.event.trigger("ajaxStop");
          // Process result
          if (s.complete) s.complete(xml, status);
          jQuery(io).unbind();
          setTimeout(function() {
            try {
              jQuery(io).remove();
              jQuery(form).remove();
            } catch(e) {
              handleError(s, xml, null, e);
            }
          },
          100);
          xml = null;
        }
      };
      if(s.crossDomain) {
        var timer = window.setTimeout(function(){
          try{
            execontent();
          }catch(e){}
        },1000);
      } else {
        execontent();
      }
    };
    // Timeout checker
    if (s.timeout > 0) {
      setTimeout(function() {
        // Check to see if the request is still happening
        if (!requestDone) uploadCallback("timeout");
      },
      s.timeout);
    }
    try {
      var form = jQuery('#' + formId);
      jQuery(form).attr('action', s.url);
      jQuery(form).attr('method', 'POST');
      jQuery(form).attr('target', frameId);
      if (form.encoding) {
        jQuery(form).attr('encoding', 'multipart/form-data');
      } else {
        jQuery(form).attr('enctype', 'multipart/form-data');
      }
      jQuery(form).submit();
    } catch(e) {
      handleError(s, xml, null, e);
    }
    jQuery('#' + frameId).load(uploadCallback);
    return {
      abort: function() {}
    };
  },
  uploadHttpData: function(r, type) {
    var data = !type;
    data = type == "xml" || data ? r.responseXML: r.responseText;
    //fix <pre> bug, saoga!
    data = data.replace( /<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/igm, '' ).replace(/<[^>]+>/g, "");
    //fix end
    // If the type is "script", eval it in global context
    if (type == "script") jQuery.globalEval(data);
    // Get the JavaScript object, if JSON is used.
    if (type == "json") eval("data = " + data);
    // evaluate scripts within html
    if (type == "html") jQuery("<div>").html(data).evalScripts();
    return data;
  }
});

解决步骤： 1. 使用ajaxfileupload的时候，增加一个参数：

crossDomain: true

2. 后台返回数据的时候，返回callback参数：

{ "flag":1, url:"http://...gif", callback:"..." }

注意：后台开发人员无需考虑callback里面是什么内容，只需要接收前端post过去的callback参数，直接返回即可。