JavaScript 同源策略 - 它如何应用于不同的子域?
同源策略如何应用于以下两个域?
如果内容是从 server2 检索的,我可以在 server1 托管的页面上运行 JS 吗?
编辑根据下面丹尼尔的回答,我可以使用
How does the Same Origin Policy apply to the following two domains?
Can I run JS on a page hosted on server1, if the content is retreived from server2?
edit according to Daniel's answer below, I can include scripts between different subdomains using the <script> tag, but what about asynchronous requests? What if I download a script from server2 onto the page hosted on server1. Can I use the script to communicate asynchronously with a service on server2?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
您只能使用
使用
http://www.example.com/dir/page.html作为源(来自维基百科):更新:
是的,您可以使用 JSONP,它利用了
< script>标签用于从其他来源检索 JSON。您可能还需要考虑使用反向代理,如以下 Stack Overflow 帖子中所述:
You can only include scripts between different subdomains using the
<script>tag, as it is exempt from the policy.Using
http://www.example.com/dir/page.htmlas source (from Wikipedia):UPDATE:
Yes, you can with JSONP, which takes advantage of the open policy for
<script>tags to retrieve JSON from other origins.You may also want to consider using a reverse proxy, as desribed in the following Stack Overflow post:
当然,您可以运行插入的任何脚本,而不必关心它来自哪里。考虑如何在您的页面上插入谷歌地图。
您所描述的是一种名为 jsonp 的模式。其他主机上的服务器返回您在页面中插入的脚本,并且该脚本使用响应参数调用页面中的函数。
Sure, you can run any script that you insert on your never mind where it comes from. Think about how to insert a google map on your page.
What your describe is a pattern called jsonp. Where a server on a other host returns a script you insert in your page and the script calls a function in your page with the response arguments.