在JSONP Cookie的访问 [英] Cookie Access over JSONP
问题描述
我有一个页面 domain.com ,使一个JSONP Ajax请求(使用jQuery的 .getJSON()功能)到URL中的 anotherdomain.com 。我想(阅读:假设),在 anotherdomain.com 的资源将有服务器端访问该域中设置任何Cookie,但似乎并不成为外壳?
AJAX调用正在做专门访问特定的Cookie,做一些数据操作,并返回一组丰富的的cookie值键入信息。原来的域名不具有直接访问cookie的值,所以我认为,一个Ajax请求将保持我所需要的状态。
关键的一条关于cookies的信息,我俯瞰哪?我累极了,我只是没有看到它。
感谢。
更新
我发现这样做的一种方式,但它看起来像JSONP到我的眼睛,所以我不知道为什么这样工作的,而阿贾克斯版没有。是请求刚刚从浏览器会话断开,从而没有饼干都可以访问?
<脚本类型=应用程序/ x-javascript的SRC =< PHP的echo $ service_url'和;回调=利益'。>>< / SCRIPT>
<脚本类型=文/ JavaScript的>
功能利益(数据){
$(函数(){
VAR c_behaviors = data.length;
VAR的id = [];
对于(VAR I = 0; I< c_behaviors;我++){
ids.push(数据[I] .behavior_id);
}
$('身体')追加('< P><标签>返回的:其中; /标签>+ ids.join('')+'< / P>');
});
}
< / SCRIPT>
同源策略适用的所有Ajax请求,因此,如果在一个Ajax调用正在访问的域名是不是在浏览器(document.host)加载的领域不同,在所请求的URL的域相关联的所有Cookie不会被发送了。因此,JSONP方法有效,因为它写出一个新的脚本的窗口,它会像任何资源请求的浏览器可以使外部域(因此通过所有在URL中的域名相关联的饼干)。我也有通过简单地调用 $。员额(http://atdmt.com)从我的铬控制台,而在stackoverflow.com在浏览器(证实了这一点唯一的其他领域,在我的浏览器有饼干,一边写了答案),并没有派了任何cookie的请求头。
另一种解决方案来解决保持状态的问题 anotherdomain.com 将有 anotherdomain.com 设置第一方Cookie(通过不设置域属性该cookie),以及当一个AJAX / JSON请求发送到 anotherdomain.com 获得通过javascript,并使用标准的HTTP PARAMS拉高的要求。这些cookie
希望我帮助。
I have a page in domain.com that makes a JSONP ajax request (using jQuery's .getJSON() function) to a URL in anotherdomain.com. I thought (read: assumed) that the resource in anotherdomain.com would have server-side access to any cookies set in that domain, but that doesn't seem to be the case?
The ajax call is being done specifically to access a particular cookie, do some data manipulation and return a rich set of information keyed by the cookie value. The original domain doesn't have direct access to the cookie value, so I thought that an ajax request would maintain the state I need.
Which pivotal piece of information about cookies am I overlooking? I'm exhausted and I'm just not seeing it.
Thanks.
UPDATE
I found a way of doing it, but it looks like JSONP to my eye, so I'm wondering why this way works while the Ajax version doesn't. Is the request just disconnected from the browser session so that no cookies are accessible?
<script type="application/x-javascript" src="<?php echo $service_url . '&callback=interests' ?>"></script>
<script type="text/javascript">
function interests( data ) {
$( function() {
var c_behaviors = data.length;
var ids = [];
for( var i = 0; i < c_behaviors; i++ ) {
ids.push( data[i].behavior_id );
}
$('body').append( '<p><label>Returned:</label> ' + ids.join( ', ' ) + '</p>' );
});
}
</script>
The same origin policy applies to all ajax requests, so if the domain being accessed in an ajax call is different than the domain loaded in the browser (document.host), all cookies associated with the domain in the requested url will not be sent up. Therefore, the JSONP approach works because it writes out a new script tag in the window, which will behave like any resource request a browser could make to an external domain (hence passing all the cookies associated with the domain in the url). I have also confirmed this by simply calling $.post("http://atdmt.com") from my chrome console, while on stackoverflow.com in the browser (the only other domain that had cookies in my browser, while writing up the answer) and it did not send up any cookies in the request headers.
Another solution to get around the problem of maintaining state for anotherdomain.com would be to have anotherdomain.com set a first party cookie (by not setting the domain attribute of the cookie) and when an ajax/json request is made to anotherdomain.com access those cookies via javascript and push them up the request using standard HTTP params.
Hope I have helped.
这篇关于在JSONP Cookie的访问的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
