所以，JSONP或CORS？ [英] So, JSONP or CORS?

问题描述

我的WebAPI被部署在联网的环境。这意味着的安全的不是我关注的问题。

My WebAPI was deployed in the Intranet environment. That means security was not my concern.

似乎CORS是的更友好的客户端和的更容易实施的

It seems that CORS is much more friendly to the client and easier to implement.

任何其他问题我可能会错过？

Any other concerns I might have missed?

推荐答案

这是一个pretty广泛的问题，并能保证维基你们自己。还有就有关两个谷歌不少，但我想我可以打几个关键点。

This is a pretty broad question, and could warrant a wiki unto itself. There is also quite a bit on google regarding the two, but I think I can hit a few key points.

• 如果你需要一个只读的Ajax界面到您的服务器，你需要支持IE＆LT; = 9，歌剧＆LT; 12，或Firefox＆LT; 3.5或其他各种旧的或隐晦的浏览器，CORS出来了，使用JSONP。 IE8和IE9支持八九不离十，但CORS系统有问题，请参见下面的第一个评论的链接。


• 在另一方面，而不只是看，如果Web API是读/写（例如充分的休息或只是POST / GET）（即GET），JSONP出来了。使用CORS。 JSONP本质上是只读的。

• If you need a read-only ajax interface to your servers and you need to support IE<=9, Opera<12, or Firefox<3.5 or various other older or obscure browsers, CORS is out, use JSONP. IE8 and IE9 sorta support CORS but have problems, see the link in the first comment below.
• On the other hand, if your web API is read/write (e.g. full REST or just POST/GET) instead of just read (i.e. GET), JSONP is out. Use CORS. JSONP is inherently read-only.

如果这些都不是一个问题，我只想去与任何是最容易的或最熟悉。如果它是一个tossup，尽量CORS，因为它是更现代的解决方案和JSONP更是一个黑客，将数据转化为脚本，以绕过跨域限制。 CORS确实然而，通常需要更多的服务器端配置。

If neither of these are a concern, I would just go with whatever is easiest or most familiar to you. If its a tossup, try CORS, since it is the more "modern" solution and JSONP is more of a hack, turning data into scripts to bypass cross-domain restrictions. CORS does however, typically require more server-side configuration.

如果你正在使用jQuery，我不知道你在哪里想出的想法，CORS是更友好以客户端和更容易实施。请参见 https://gist.github.com/3131951 。 jQuery的抽象JSONP的细节，并CORS实际上可以有点棘手implment在你的服务器端取决于你使用的是什么技术。

If you're using jQuery, I'm not sure where you're coming up with the idea that CORS is "much more friendly to the client and easier to implement." See https://gist.github.com/3131951 . jQuery abstracts the details of JsonP, and CORS can actually be somewhat tricky to implment on your server-side depending on what technology you're using.

我最近开发了一个Web应用程序，使用jQuery和Backbone.js的，从我们控制各种跨域Web服务的读取，并最终使用JSON-P代替CORS，因为我们需要支持IE7，这是一个位在服务器端简单（我们运行Django的重量/ DjangoRestFramework），几乎与在客户端的jquery相同。

I recently developed a web app, using jquery and backbone.js, which reads from various cross-domain web services that we control, and ended up using Json-P instead of CORS because we need to support IE7 and it was a bit simpler on the server side (we run Django w/ DjangoRestFramework), and virtually the same with jquery on the client side.

这篇关于所以，JSONP或CORS？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！