Same Origin Policy - AJAX & using Public APIs
Question
I know if on my own webpage, if my user is on :
http://www.example.com/form.php
and I make an ajax request from that page to :
http://example.com/responder.php
This will fail.
What I am trying to understand is, how is it that AJAX requests can pull data from APIs like Flickr when the request and server are obviously different?
Edit :
eg: Why does this code work?
$.getJSON('http://api.flickr.com/services/rest/?&method=flickr...'
Thanks!
Recommended answer
There are a few known methods to work around the Same Origin Policy. One popular technique is to use "Script Tag Injection" such as in JSONP. Since the <script> tag is not constrained by the Same Origin Policy, a script on a third-party domain can provide executable code that interacts with a provided callback function. You may want to check out the "Tips and Tricks" section in the following article for further reading on the topic:
- Howto Dynamically Insert Javascript And CSS (hunlock.com)
You may also be interested in checking out the following Stack Overflow post for further reading on other techniques to work around the Same Origin Policy:
- Ways to circumvent the same-origin policy
Update: Further to the updated question:
Quoting from the jQuery documentation on $.getJSON():
If the URL includes the string "callback=?" in the URL, the request is treated as JSONP instead.
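The JSONP exchange described in the answer above, as an added example that is not part of the original post: it walks through both sides of a `callback=?` request in plain JavaScript. The host `api.example.test`, the `jsonpResponse` responder and its callback-name check are assumptions for illustration, and `new Function` stands in for the browser executing the `<script>` response.

```javascript
// Added example: models a JSONP round trip without a browser or network.
let counter = 0;

// Client side: as $.getJSON does, replace "callback=?" with a unique
// function name that the response script is expected to call.
function buildJsonpUrl(url) {
  const name = 'jsonp_cb_' + (++counter);
  return { name, url: url.replace(/callback=\?/, 'callback=' + name) };
}

// Server side (hypothetical responder): wrap the JSON in a call to the
// requested callback. The name is reflected into executable script, so
// only a plain identifier is accepted; anything else is rejected.
function jsonpResponse(requestUrl, data) {
  const cb = new URL(requestUrl).searchParams.get('callback');
  if (!cb || !/^[A-Za-z_$][\w$]{0,63}$/.test(cb)) {
    return { status: 400, body: '' };
  }
  return {
    status: 200,
    type: 'application/javascript',
    body: cb + '(' + JSON.stringify(data) + ');',
  };
}

// Browser stand-in: a <script src="..."> tag is not subject to the Same
// Origin Policy, so the body is fetched and executed as code. Here the
// body runs with the callback bound under the generated name.
function loadAsScript(body, name) {
  let received;
  const callback = (payload) => { received = payload; };
  new Function(name, body)(callback);
  return received;
}

function demo() {
  // Constructed sample request and data.
  const { name, url } = buildJsonpUrl(
    'http://api.example.test/rest/?method=photos&callback=?');
  const res = jsonpResponse(url, { photos: [{ id: 1, title: 'constructed' }] });
  return loadAsScript(res.body, name);
}
```

Because the response is executed rather than parsed, the page runs whatever script the third-party host returns, so JSONP is only appropriate with providers the page already trusts.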