为什么在使用Google Maps API时不会收到“同源政策”警告? [英] Why don't I get a 'same origin policy' warning when using the Google Maps API?
问题描述
我在我的JavaScript网页中进行REST式网路服务呼叫,并收到以下警告:
I'm making a RESTful web service call in my JavaScript page and get the following warning:
这个网页正在存取不受其控制的资讯。
"This page is accessing information that is not under its control. This poses a security risk. Do you want to continue?"
现在我已经阅读了这一点,并且注意到了跨网域,同源政策。但是,当我使用Google Maps API等其他API时,我没有收到此类警告。显然,该域与我的本地域不同。有什么不同?
Now I've read up on this and am aware of the cross-domain, same origin policy. However, I don't get such warnings when I consume other APIs like Google's Maps API. Clearly the domain is not the same as my local domain. What is the difference?
我的初步猜想是,使用< script>
标记将Google导入 REST消耗使用XMLHttpRequest。如果是这种情况,这两种方法之间的区别是什么是值得警告,而另一种不是?
My initial guess is that Google is 'imported' into the page using the <script>
tag while my REST consumption is using XMLHttpRequest. IF that is the case, what is the difference between these two approaches that one would merit a warning and the other not?
推荐答案
以下可能解释的事情:
http://markmail.org/message/5wrphjwmo365pajy
The following might explain things: http://markmail.org/message/5wrphjwmo365pajy
此外,他们使用一些脚本hack(例如,在DOM中插入脚本以获取请求的数据,而不是XHR)。
Also, they employ some script hacks (e.g. inserting a script into the DOM to get requested data, instead of XHR).
这篇关于为什么在使用Google Maps API时不会收到“同源政策”警告?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!