同源策略 - AJAX &使用公共 API

时间:2023-05-15
本文介绍了同源策略 - AJAX &使用公共 API的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着跟版网的小编来一起学习吧!

问题描述

限时送ChatGPT账号..

如果我的用户在我自己的网页上,我知道:http://www.example.com/form.php

I know if on my own webpage, if my user is on : http://www.example.com/form.php

然后我从该页面发出 ajax 请求:http://example.com/responder.php

and I make an ajax request from that page to : http://example.com/responder.php

由于同源策略(子域不同),它将失败.

It will fail because of the Same origin policy (subdomain is different).

我想了解的是,当请求和服务器明显不同时,AJAX 请求如何从 flickr 等 API 中提取数据.

What I am trying to understand is, how is it that AJAX requests can pull data from API's like flickr when the request and server are obviously different.



eg:为什么这段代码有效?

Edit :

eg: Why does this code work?

$.getJSON('http://api.flickr.com/services/rest/?&;method=flickr...'

(参考了这个社区维基)是否使用跨源资源共享?

谢谢!

推荐答案

解决同源策略的已知方法很少.一种流行的技术是使用脚本标签注入",例如 JSONP.由于 <script> 标签不受同源策略的约束,第三方域上的脚本可以提供与提供的回调函数交互的可执行代码.您可能需要查看以下文章中的提示和技巧"部分以进一步阅读该主题:

There are few known methods to work around the Same Origin Policy. One popular technique is to use "Script Tag Injection" such as in JSONP. Since the <script> tag is not constrained by the Same Origin Policy, a script on a third-party domain can provide executable code that interacts with a provided callback function. You may want to check out the "Tips and Tricks" section in the following article for further reading on the topic:

  • 如何动态插入 Javascript 和 CSS (hunlock.com)
  • Howto Dynamically Insert Javascript And CSS (hunlock.com)

您可能也有兴趣查看以下 Stack Overflow 帖子,以进一步阅读解决同源策略的其他技术:

You may also be interested in checking out the following Stack Overflow post for further reading on other techniques to work around the Same Origin Policy:

  • 规避同源策略的方法

更新:进一步更新问题:

引用 $.getJSON() 上的 jQuery 文档一个>:

Quoting from the jQuery documentation on $.getJSON():

如果 URL 包含字符串callback=?"在 URL 中,请求被视为 JSONP.

If the URL includes the string "callback=?" in the URL, the request is treated as JSONP instead.

这篇关于同源策略 - AJAX &amp;使用公共 API的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!

上一篇:JavaScript - XMLHttpRequest、Access-Control-Allow-Origin 错误 下一篇:区分 AJAX 调用/浏览器请求

相关文章