Accessing cookies via JSONP

Posted 2024-10-03 16:09:32 · 1073 words · 0 views · 0 comments

I have a page in domain.com that makes a JSONP ajax request (using jQuery's .getJSON() function) to a URL in anotherdomain.com. I thought (read: assumed) that the resource in anotherdomain.com would have server-side access to any cookies set in that domain, but that doesn't seem to be the case?

The ajax call is being done specifically to access a particular cookie, do some data manipulation and return a rich set of information keyed by the cookie value. The original domain doesn't have direct access to the cookie value, so I thought that an ajax request would maintain the state I need.

Which pivotal piece of information about cookies am I overlooking? I'm exhausted and I'm just not seeing it.

Thanks.

UPDATE

I found a way of doing it, but it looks like JSONP to my eye, so I'm wondering why this way works while the Ajax version doesn't. Is the request just disconnected from the browser session so that no cookies are accessible?

<script type="application/x-javascript" src="<?php echo $service_url . '&callback=interests' ?>"></script>
<script type="text/javascript">
  function interests( data ) {
    $( function() {
      var c_behaviors = data.length;
      var ids         = [];

      for( var i = 0; i < c_behaviors; i++ ) {
        ids.push( data[i].behavior_id );
      }

      $('body').append( '<p><label>Returned:</label> ' + ids.join( ', ' ) + '</p>' );       
    });
  }
</script>

Comments (2)

っ〆星空下的拥抱 2024-10-10 16:09:32

The same origin policy applies to all ajax requests, so if the domain being accessed in an ajax call is different than the domain loaded in the browser (document.host), all cookies associated with the domain in the requested url will not be sent up. Therefore, the JSONP approach works because it writes out a new script tag in the window, which will behave like any resource request a browser could make to an external domain (hence passing all the cookies associated with the domain in the url). I have also confirmed this by simply calling $.post("http://atdmt.com") from my chrome console, while on stackoverflow.com in the browser (the only other domain that had cookies in my browser, while writing up the answer) and it did not send up any cookies in the request headers.

Another solution to get around the problem of maintaining state for anotherdomain.com would be to have anotherdomain.com set a first party cookie (by not setting the domain attribute of the cookie) and when an ajax/json request is made to anotherdomain.com access those cookies via javascript and push them up the request using standard HTTP params.

Hope I have helped.
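
The server side of the exchange discussed in this answer, as an added example that is not part of the original post: a handler core that reads the Cookie request header, returns the data keyed by it wrapped in the requested callback, and refuses callback names that are not plain identifiers, since the response runs as script in the calling page. The cookie name `visitor_id`, the `BEHAVIORS` store and both function names are assumptions made for illustration.

```javascript
// Added example; cookie name, data store and function names are hypothetical.

// Constructed sample store: cookie value -> behaviors.
const BEHAVIORS = {
  'u-1001': [{ behavior_id: 12 }, { behavior_id: 47 }],
};

// Parse a raw Cookie request header into a name -> value map.
function parseCookies(header) {
  const jar = {};
  for (const part of (header || '').split(';')) {
    const pair = part.trim();
    const eq = pair.indexOf('=');
    if (eq < 1) continue; // skip empty or nameless pairs
    const raw = pair.slice(eq + 1).trim();
    try {
      jar[pair.slice(0, eq).trim()] = decodeURIComponent(raw);
    } catch (e) {
      jar[pair.slice(0, eq).trim()] = raw; // keep undecodable values as sent
    }
  }
  return jar;
}

// Build the response for GET ...&callback=<name>.
// cookieHeader is whatever the browser attached to this request; when it is
// missing, the lookup finds nothing and the callback receives an empty array.
function jsonpBody(callback, cookieHeader) {
  // Only a plain identifier may be echoed back into executable script.
  if (!/^[A-Za-z_$][\w$]{0,63}$/.test(callback || '')) {
    return { status: 400, type: 'text/plain', body: 'invalid callback' };
  }
  const id = parseCookies(cookieHeader).visitor_id;
  const known = Object.prototype.hasOwnProperty.call(BEHAVIORS, id);
  const data = known ? BEHAVIORS[id] : [];
  // Escape characters that could terminate the script context early.
  const json = JSON.stringify(data)
    .replace(/</g, '\\u003c')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
  return { status: 200, type: 'application/javascript', body: `${callback}(${json});` };
}
```

Logging whether `cookieHeader` is present for each request is a quick way to see which of the two request styles in the question actually carries the cookie.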

樱娆 2024-10-10 16:09:32

I have encountered the same problem before. The issue I found is that most browsers won't let you ESTABLISH a session (i.e. set a session cookie) when the same origin policy isn't being met.
