跨域脚本问题和放大器; JSONP [英] Cross Domain Scripting Issues & JSONP

问题描述

我们的客户要求我们提供Widgits为他们的网站。他们想链接到我们获得HTML和放大器;需要jQuery的操纵Html和做异步请求。据我所知，有跨域安全限制，将prevent这从一个可能性，但其中有些限制是通过使用JSONP作为数据传输格式aleviated。

Our Client requires that we supply Widgits for their site. They want to link to us to get Html & the jQuery required to manipulate the Html and do asynchronous requests. I understand that there are cross-domain security limitations that would prevent this from being a possibility, but that some of those limitations are aleviated by using JSONP as the data transfer format.

我发现它在寻找什么在我想要实现的背景下可能的解释困难。可能有人请填写我？

I'm finding it difficult in finding an explanation of what's possible in the context of what I'm trying to achieve. Could somebody please fill me in?

推荐答案

在总之，所有的AJAX请求（和交叉窗口脚本）都受到了的同源策略。 JSONP（ JSON与填充）不受同源策略，因为它涉及到添加从外部域到DOM脚本，脚本本身包含对已经存在的客户端上，以JSON作为函数调用的参数已知函数的调用。

In short, all AJAX requests (and cross-window scripting) are subject to the Same Origin Policy. JSONP (JSON with Padding) isn't subject to the Same Origin Policy because it involves adding a script from an external domain to the DOM, the script itself contains a call to a known function that already exists on the client, with the JSON as the function call's argument.

JSONP不能直接返回HTML或XML，但它可以通过包含HTML或XML数据，进而可以添加到DOM或由客户端解析的串的对象。

JSONP can't return HTML or XML directly, but it could pass an object that contains a string of HTML or XML data, which in turn could be added to the DOM or parsed by the client.

例如，JSONP可能会返回：

For instance, a JSONP might return:

jsonp_callback({"Errors":"none","Data":"<div id='externalWidget'>Hello!</div>"});

在这个脚本添加到页面，功能 jsonp_callback 将与JSON对象作为参数执行。这个函数会再添加HTML code页面。

When this script is added to the page, the function jsonp_callback will be executed with the JSON object as its argument. That function would then add the HTML code to the page.

有实现你想要什么的其他方式。例如，如果客户端不需要操纵以任何方式的数据，可以提供通过将由客户的页面的iFrame一个HTML文档小窗口：

There are other ways of achieving what you want. For instance, if the client doesn't need to manipulate the data in any way, you could provide a widget via a HTML document that would be iframed by your client's page:

<iframe id="widget" src="http://mysite.com/widget/v1/" />

如果他们需要操作的数据，他们将阻止同源策略如上文所述。

If they did need to manipulate the data, they would blocked by the Same Origin Policy as outlined above.

这篇关于跨域脚本问题和放大器; JSONP的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！