同源策略 - AJAX &使用公共 API

问题描述

如果我的用户在我自己的网页上，我知道:http://www.example.com/form.php

I know if on my own webpage, if my user is on : http://www.example.com/form.php

然后我从该页面发出 ajax 请求:http://example.com/responder.php

and I make an ajax request from that page to : http://example.com/responder.php

由于同源策略(子域不同)，它将失败.

It will fail because of the Same origin policy (subdomain is different).

我想了解的是，当请求和服务器明显不同时，AJAX 请求如何从 flickr 等 API 中提取数据.

What I am trying to understand is, how is it that AJAX requests can pull data from API's like flickr when the request and server are obviously different.

eg:为什么这段代码有效?

Edit :

eg: Why does this code work?

$.getJSON('http://api.flickr.com/services/rest/?&;method=flickr...'

(参考了这个社区维基)是否使用跨源资源共享?

谢谢！

推荐答案

解决同源策略的已知方法很少.一种流行的技术是使用脚本标签注入"，例如 JSONP.由于 <script> 标签不受同源策略的约束，第三方域上的脚本可以提供与提供的回调函数交互的可执行代码.您可能需要查看以下文章中的提示和技巧"部分以进一步阅读该主题:

There are few known methods to work around the Same Origin Policy. One popular technique is to use "Script Tag Injection" such as in JSONP. Since the <script> tag is not constrained by the Same Origin Policy, a script on a third-party domain can provide executable code that interacts with a provided callback function. You may want to check out the "Tips and Tricks" section in the following article for further reading on the topic:

• 如何动态插入 Javascript 和 CSS (hunlock.com)

• Howto Dynamically Insert Javascript And CSS (hunlock.com)

您可能也有兴趣查看以下 Stack Overflow 帖子，以进一步阅读解决同源策略的其他技术:

You may also be interested in checking out the following Stack Overflow post for further reading on other techniques to work around the Same Origin Policy:

• 规避同源策略的方法

更新:进一步更新问题:

引用 $.getJSON() 上的 jQuery 文档一个>:

Quoting from the jQuery documentation on $.getJSON():

如果 URL 包含字符串callback=?"在 URL 中，请求被视为 JSONP.

If the URL includes the string "callback=?" in the URL, the request is treated as JSONP instead.

这篇关于同源策略 - AJAX &使用公共 API的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持html5模板网！