_.ajax({?????? ?
??????? url:forumUrl + 'forum.php?mod=post&action=newthread&fid=2&extra=&topicsubmit=yes&inajax=1'
???????,post:1
???????,data:{
??????????? price:(_('price').type != 'hidden') ? _('price').value : 0
???????????,fid:fid
???????????,message:_('message').value
???????????,subject:_('subject').value
???????????,verify:_('dxVerify').value
???????????,formhash:window.dxFormHash
??????? }
???????,header:{
??????????? 'HTTP_REFERER':'http://community.chinahrd.net/' //需要设置crossdoman.xml允许设置head才不会出现安全拒绝提示,因为dx用到非法来源判断
??????? }
???????,ok:function(data) {
??????????? if (data.indexOf('<?xml') > -1) {//返回xml,只取div中内容,且去掉js标签,inajax返回数据在dx/template/common/showmessage.htm的msgtype=2
??????????????? data = /<div[sS]*</div>/i.exec(data).toString();//只取msg部分
??????????????? data = data.replace(/<script[Ss]*</script>/i,'');//去掉js
??????????????? _.showMaskDiv({htm:data});
??????????????? return;
??????????? } else? {
??????????????? _.showMaskDiv({htm:'提交失败'});
??????????? }???????? ?
??????? }
???????,fail:function(data) {
??????????? _.showMaskDiv({htm:'提交失败:' + data});
??????? }
???????,out:function(data) {
?????? ?
??????? }
??? });
?
今天想尝试是否能直接使用dx的发贴接口,不用自己写sql及判断往库中插入,直接走它的流程,测试时竟然发现使用到HTTP_REFERER来源的判断.
还好flash是支持修改这个头的.
<?xml version="1.0"?>
<cross-domain-policy>
? <allow-access-from domain="*.chinahrd.net" />
?<allow-http-request-headers-from domain="*.chinahrd.net" headers="HTTP_REFERER" />
</cross-domain-policy>
?
发现允许这么弄还是到了服务器边还是原来的,无法改变.
