跨域AJAX [英] Cross-domain AJAX
问题描述
有关我的理解跨域Ajax调用不可能出于安全原因,
我明白这是有可能通过JSON-P,虽然做到这一点。
我的问题:为什么跨域AJAX调用禁止,但实际上可能在一个不太实用的方法?它会更简单,只是授权。
怎么是你应该做的那些一种简单的场景:
- 通过调用谷歌地图web服务的地理编码的位置
- 在通过其Web服务获取Flickr图片
- AJAX到不同的域,但它是相同的应用程序(服务器群的例子吗?)
- ...(这只是个例子)
如果我有换行/代理这些调用与服务器端脚本,这只是无聊和时间损失......你不能在最后一个完整的JavaScript应用程序? (如果你想使用外部的web服务我的意思)
为什么跨域Ajax调用禁止
您登录到您的银行,对吧?好吧,我就做一个Ajax请求您的银行和阅读您的账号,排序code,等等。
怎么是你应该做的那些一种简单的场景
- 在服务器端代理
- JSON-P
- CORS
如果我有换行/代理这些调用与服务器端脚本,这只是无聊和时间损失
很多事情会更容易,如果我们不担心安全。我们不需要锁在门上,在账户密码,等,等。
For what I understand cross-domain AJAX calls are not possible for security reasons.
I've understood that's it's possible to do it by using JSON-P though.
My question: why are cross-domain AJAX calls forbidden, but actually possible in a less practical way? It would be simpler to just authorize it.
How are you supposed to do for those kind of simple scenarios:
- geocoding a location by calling Google Maps webservice
- fetching Flickr images through its webservice
- ajax to a different domain but it's the same application (server farms for example?)
- ... (those are just examples)
If I have to wrap/proxy these calls with a server-side script, that's just boring and time lost... You can't make a full Javascript application in the end? (if you want to use external webservices I mean)
why are cross-domain AJAX calls forbidden
You are logged on to your bank, right? OK, I'll just make a Ajax request to your bank and read your account number, sort code, and so on.
How are you supposed to do for those kind of simple scenarios
- Server side proxy
- JSON-P
- CORS
If I have to wrap/proxy these calls with a server-side script, that's just boring and time lost
Many things would be easier if we didn't have to worry about security. We wouldn't need locks on doors, passwords on accounts, etc, etc.
这篇关于跨域AJAX的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
