为什么在使用 Google Maps API 时没有收到“同源策略"警告? [英] Why don't I get a 'same origin policy' warning when using the Google Maps API?
问题描述
我在 JavaScript 页面中进行 RESTful Web 服务调用并收到以下警告:
I'm making a RESTful web service call in my JavaScript page and get the following warning:
此页面正在访问不受其控制的信息.这会带来安全风险.要继续吗?"
"This page is accessing information that is not under its control. This poses a security risk. Do you want to continue?"
现在我已经阅读并了解了跨域同源政策.但是,当我使用其他 API(例如 Google 的 Maps API)时,我不会收到此类警告.显然该域与我的本地域不同.有什么区别?
Now I've read up on this and am aware of the cross-domain, same origin policy. However, I don't get such warnings when I consume other APIs like Google's Maps API. Clearly the domain is not the same as my local domain. What is the difference?
我最初的猜测是 Google 是使用 <script>
标签导入"到页面中的,而我的 REST 消费使用的是 XMLHttpRequest.如果是这种情况,这两种方法之间有什么区别,一种值得警告,另一种不值得?
My initial guess is that Google is 'imported' into the page using the <script>
tag while my REST consumption is using XMLHttpRequest. IF that is the case, what is the difference between these two approaches that one would merit a warning and the other not?
推荐答案
以下可能解释了一些事情:http://markmail.org/message/5wrphjwmo365pajy
The following might explain things: http://markmail.org/message/5wrphjwmo365pajy
此外,他们还使用了一些脚本技巧(例如,将脚本插入到 DOM 中以获取请求的数据,而不是 XHR).
Also, they employ some script hacks (e.g. inserting a script into the DOM to get requested data, instead of XHR).
这篇关于为什么在使用 Google Maps API 时没有收到“同源策略"警告?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!