谷歌是如何的JavaScript API围绕AJAX的跨域安全得到 [英] How does Google's javascript API get around the cross-domain security in AJAX

问题描述

如何谷歌的API进行跨域请求回谷歌，当它在你的网站？

How does Google's API make cross-domain requests back to Google, when it's on your website?

推荐答案

他们避开它通过动态注入脚本标记到文档的头部。即通过该注入派下来的JavaScript中有一个回调函数，告诉的，因为它已经加载的页面和有效载荷（数据）脚本运行。

They get around it by dynamically injecting script tags into the head of the document. The javascript that is sent down via this injection has a callback function in it that tells the script running in the page that it has loaded and the payload (data).

该脚本可以再取出动态注入脚本标记和继续。

The script can then remove the dynamically injected script tag and continue.

这篇关于谷歌是如何的JavaScript API围绕AJAX的跨域安全得到的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！