为什么AJAX请求仅限于同一域？ [英] Why are AJAX requests limited to same domain?

问题描述

东西，我觉得真的很困惑，是为什么AJAX请求仅限于同一域？什么是推理背后？

Something I find really confusing, is why are AJAX requests limited to the same domain? What is the reasoning behind this?

我看不出有什么问题，请求来自外部位置的文件，服务器也使得XMLHTTP请求似乎GET和POST到外部位置就好了。

I don't see any problem with requesting files from external locations, also servers making XMLHTTP requests seem to get and post to external locations fine.

推荐答案

想像一下：

您来我的神话般的网站www.halfnakedgirls.com。你玩得开心看似乎对人体生理技术文档，但在你的背后，一些JavaScript的线路正在执行一些请求到另一个域，让我们说www.yourpaypallike.com。

You come on my fabulous website www.halfnakedgirls.com. You have fun watching what looks like technical documentation on human physiology, but behind your back, some lines of JavaScript are executing some request to another domain, let's say www.yourpaypallike.com.

要求像<$c$c>http://www.yourpaypallike.com/account/transfer?to=badguy@evilwebsite.com&amount=984654或 http://www.mymailprovider.com/mails/export?format=csv 。

你现在明白为什么它是被禁止的？ =）

Do you now see why it is forbidden ? =)

这篇关于为什么AJAX请求仅限于同一域？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！