About same origin policy....Can I do this?


Question

I have a siteA, and JS in siteB. The siteB JS gets the siteB domain to return JSON in an AJAX POST request. Then, based on the information in the siteB domain, use the siteB JS to inject into the siteA website via some create document technique in JS. If it violates the same origin policy, any other suggestions? Thank you.

(I only have the right to control siteB.)

Recommended answer

People generally think about three origins when dealing with this sort of thing:

  1. The page (http://example.com/)
  2. The script (http://example.net/foo.js)
  3. The data (http://example.net/bar.json)

There is often confusion about which ones are compared when working out if the "same" origin is being used. Only the origin of the page and the data matter. Where the script itself is loaded from is irrelevant.

In this case:

  1. Page: A
  2. Script: B (irrelevant)
  3. Data: B

Since the page and the data come from different origins, you cannot read the data from the page.

Since you want to make a POST request: Proxy the HTTP request through A. (JSON-P, the other classic cross-domain Ajax technique, is strictly limited to GET requests.)

You could also consider using Cross-Origin Resource Sharing which allows you to override the Same Origin Policy, but has limited browser support.
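The comparison and the Cross-Origin Resource Sharing option described in the answer above, as an added example that is not part of the original answer. The function names and the `https://site-a.example` origin are assumptions standing in for siteA; the headers are what siteB's JSON endpoint would send so that only an allowlisted page can read the POST response.

```javascript
// Added example (not from the original answer). Hostnames are placeholders.
// Assumption: siteA is served from this origin and siteB chooses to trust it.
const ALLOWED_PAGE_ORIGINS = new Set(["https://site-a.example"]);

// The browser compares scheme + host + port of the PAGE and of the DATA URL.
// The URL the script was loaded from is deliberately not a parameter.
function isSameOrigin(pageUrl, dataUrl) {
  return new URL(pageUrl).origin === new URL(dataUrl).origin;
}

// Response headers for siteB's JSON endpoint. requestOrigin is the value of
// the Origin request header; method is the HTTP method of the request.
function corsHeaders(requestOrigin, method) {
  // Always vary on Origin so a cache never reuses a response across origins.
  const headers = { "Vary": "Origin" };
  if (!ALLOWED_PAGE_ORIGINS.has(requestOrigin)) {
    return headers; // no Allow-Origin header: the browser blocks the read
  }
  // Echo the origin only after the allowlist check, never unconditionally.
  headers["Access-Control-Allow-Origin"] = requestOrigin;
  if (method === "OPTIONS") {
    // Preflight that precedes a POST carrying Content-Type: application/json.
    headers["Access-Control-Allow-Methods"] = "POST";
    headers["Access-Control-Allow-Headers"] = "Content-Type";
  }
  return headers;
}

// The three URLs from the answer: page on example.com, data on example.net.
console.log(isSameOrigin("http://example.com/", "http://example.net/bar.json")); // false
console.log(corsHeaders("https://site-a.example", "OPTIONS"));
console.log(corsHeaders("https://unknown.example", "POST"));
```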
