为什么我不能加载从jQuery的load方法外部资源? [英] Why cant I load an external resource from jQuery load method?
问题描述
在学习使用jQuery Ajax请求的过程中,我试图加载谷歌主页上的链接的点击。所以我写的是这样的:
In the process of learning Ajax requests using jQuery, I tried to load google home page on the click of a link. So I wrote something like:
$("#ajax").click (function (event) {
$("#g").html("Loading...");
$("#g").load("http://www.google.com");
event.preventDefault ();
});
和身体的某个地方:
<a id="ajax" href="http://www.google.com">Load file ajax way</a>
<div id="g">Click the above link to load the page...</div>
没有工作,最初我以为有一些语法错误什么的。可是后来,当我取代了谷歌URL与服务器上的静态HTML文件,它工作正常。
Which didn't work and initially I thought there is some syntax error or something. But later when I replaced the google url with a static html file on server, it worked correctly.
$("#g").load("Temp.htm");
它是设计工作,像这样的(如果是,为什么?)还是我做错了什么?
Is it designed to work like this (if yes, why?) or am I doing something wrong?
编辑:请谁能解释(或参照)通过跨域Ajax调用引入安全问题?换句话说,为什么它是安全地打开另一个浏览器选项卡,打开谷歌,但没有从内页?难道是保护主叫或被叫?
Please can anyone explain (or refer) the security problem introduced by cross domain ajax calls? In other words, why it is safe to open another browser tab and open google but NOT from within the page? Is it to protect caller or callee?
推荐答案
jQuery使用了Ajax(XMLHtt prequest)请求加载数据,但浏览器可以让本作在同一个域中的资源。 (以上答案提同源策略)。这就是为什么它Temp.htm的作品,而不是www.google.com。
Jquery uses an ajax (XMLHttpRequest) request to load the data, but the browser allows this for resources on the same domain. (The answers above mention the Same origin policy). That's why it works with Temp.htm, but not www.google.com.
-
要解决这个问题的方法之一是创建一个服务器脚本,将加载的页面为你 - 基本上是一个代理。然后调用
One way to get around this is to create a server script that will load the page for you - basically a proxy. Then you call
$('#g').load("load.php?url=google.com")
另一个解决方案是使用iframe通信 - 我发现了这个库,这似乎是你所需要的: jQuery的-横架
第三个选项是<一个href="http://docs.jquery.com/Release:jQuery%5F1.2/Ajax#Cross-Domain%5FgetJSON%5F.28using%5FJSONP.29">JSONP但也不能工作,你的情况。
A third options is JSONP but that would not work it your case.
我的意见 - 去与服务器端代理的第一个选项
My opinion - go for the first option with a server-side proxy.
为什么会出现同源策略?
Why is there a same origin policy?
想象一下,您在您的eBay帐户检查一些东西。然后,在你打开我的网站另一个选项卡,在这里我有一个脚本,提出了一系列没有你甚至没有注意到请求易趣(你仍然登录)和出价你的奥迪A8。恼人的...如果这是您的银行也可以直接从你偷的钱。
Imagine that you are checking some stuff on your ebay account. Then in another tab you open my site, where I have a script that makes a series of requests to ebay (you are still logged in) and bids you for an Audi A8 without you even noticing. Annoying... If it was your bank it can directly steal money from you.
具有讽刺意味的是,尽管同源策略,上面的攻击仍然是可能的。
The irony is that despite the same origin policy, the above attack is still possible.
这篇关于为什么我不能加载从jQuery的load方法外部资源?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
