为什么在使用 Google Maps API 时没有收到“同源策略"警告? [英] Why don't I get a 'same origin policy' warning when using the Google Maps API?

问题描述

我在 JavaScript 页面中进行 RESTful Web 服务调用并收到以下警告:

I'm making a RESTful web service call in my JavaScript page and get the following warning:

此页面正在访问不受其控制的信息.这会带来安全风险.要继续吗?"

"This page is accessing information that is not under its control. This poses a security risk. Do you want to continue?"

现在我已经阅读并了解了跨域同源政策.但是，当我使用其他 API(例如 Google 的 Maps API)时，我不会收到此类警告.显然该域与我的本地域不同.有什么区别?

Now I've read up on this and am aware of the cross-domain, same origin policy. However, I don't get such warnings when I consume other APIs like Google's Maps API. Clearly the domain is not the same as my local domain. What is the difference?

我最初的猜测是 Google 是使用 <script> 标签导入"到页面中的，而我的 REST 消费使用的是 XMLHttpRequest.如果是这种情况，这两种方法之间有什么区别，一种值得警告，另一种不值得?

My initial guess is that Google is 'imported' into the page using the <script> tag while my REST consumption is using XMLHttpRequest. IF that is the case, what is the difference between these two approaches that one would merit a warning and the other not?

推荐答案

以下可能解释了一些事情:http://markmail.org/message/5wrphjwmo365pajy

The following might explain things: http://markmail.org/message/5wrphjwmo365pajy

此外，他们还使用了一些脚本技巧(例如，将脚本插入到 DOM 中以获取请求的数据，而不是 XHR).

Also, they employ some script hacks (e.g. inserting a script into the DOM to get requested data, instead of XHR).

这篇关于为什么在使用 Google Maps API 时没有收到“同源策略"警告?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！