http://www.app.in 和 http://app.in 之间的区别
http://www.app.com 和 http://app.com
以及它如何影响 Ajax 的跨域策略
我的意思是我在应用程序中添加了 ajax 请求
$.ajax({
type: "POST",
url: "http://app.in/getToken",
contentType: "text/html",
success: function(msg) {
alert(msg);
}
});
,它在 chrome 中工作,但在 firefox 中不起作用
有什么问题?
谢谢
What is the difference between http://www.app.com and http://app.com
and how it affects to cross-domain policy of Ajax
I mean i added ajax request in app
$.ajax({
type: "POST",
url: "http://app.in/getToken",
contentType: "text/html",
success: function(msg) {
alert(msg);
}
});
it works in chrome but not in firefox
Whats the issue?
Thanks
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
请参阅Michal Zalewski 浏览器安全手册中的“同源策略”章节。在同源策略下,www.example.com 与 example.com 是不同的域。
正如 Deanna 指出的,如果子域将其
document.location设置为更高的域,脚本可以通过 iframe 或单独的窗口相互通信。但是,设置document.location对 XMLHttpRequest 没有影响;域和子域不能直接向对方发送 XMLHttpRequest。See the Same Origin Policy chapter of Michal Zalewski's Browser Security Handbook. www.example.com is a different domain than example.com under same-origin policy.
As Deanna points out, scripts can communicate with each other through iframes or separate windows if the subdomain sets its
document.locationto the higher domain. However, settingdocument.locationhas no effect on XMLHttpRequests; the domain and subdomain cannot send XMLHttpRequests directly to each other.它们是不同的站点。
IIRC,您可以向每个站点添加一个标签,上面写着 XSS 的“这是同一个站点”,但我不记得详细信息或它的标准程度。
解决方案是使用相对 URL。
They are different sites.
IIRC, there is a tag you can add to each site saying "this is the same site" for XSS but I can't remember detaisl or how standard it was.
As for a solution, use relative URLs.