JavaScript Same Origin Policy - How does it apply to different subdomains?

£可爱£侵袭症+ submitted on 2019-11-26 21:29:28

Question


How does the Same Origin Policy apply to the following two domains?

http://server1.MyDomain.com

http://server2.MyDomain.com

Can I run JS on a page hosted on server1, if the content is retrieved from server2?

Edit: According to Daniel's answer below, I can include scripts between different subdomains using the <script> tag, but what about asynchronous requests? What if I download a script from server2 onto the page hosted on server1? Can I use the script to communicate asynchronously with a service on server2?


Answer 1:


You can only include scripts between different subdomains using the <script> tag, as it is exempt from the policy.

Using http://www.example.com/dir/page.html as source (from Wikipedia):

Compared URL                               Outcome  Reason
---------------------------------------------------------------------------------------------
http://www.example.com/dir/page.html       Success  Same protocol and host
http://www.example.com/dir2/other.html     Success  Same protocol and host
http://www.example.com:81/dir2/other.html  Failure  Same protocol and host but different port
https://www.example.com/dir2/other.html    Failure  Different protocol
http://en.example.com/dir2/other.html      Failure  Different host
http://example.com/dir2/other.html         Failure  Different host (exact match required)
http://v2.www.example.com/dir2/other.html  Failure  Different host (exact match required)

UPDATE:

Can I use the script to communicate asynchronously with a service on server2?

Yes, you can with JSONP, which takes advantage of the open policy for <script> tags to retrieve JSON from other origins.

You may also want to consider using a reverse proxy, as described in the following Stack Overflow post:

  • What am I missing in the XMLHttpRequest?
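
The comparison in the table above, as an added example that is not part of the original answer: it reduces each URL to its (protocol, host, port) tuple with the standard `URL` class and compares the tuples. It goes slightly beyond the table by also handling default ports and mixed-case hosts such as the question's `server1.MyDomain.com`; the names `originTuple`, `compareOrigins` and `checkTable` are made up for this sketch.

```javascript
// Added example: same-origin comparison on (protocol, host, port).
// URL is the WHATWG URL class, a global in browsers and in Node.js.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Reduce a URL to its origin tuple. The parser lowercases the scheme and
// host and drops a port equal to the scheme default, so put it back.
function originTuple(url) {
  const u = new URL(url);
  const port = u.port || DEFAULT_PORTS[u.protocol] || "";
  return { protocol: u.protocol, host: u.hostname, port };
}

// Returns { sameOrigin, reason }, with reasons worded like the table.
function compareOrigins(source, other) {
  const a = originTuple(source);
  const b = originTuple(other);
  if (a.protocol !== b.protocol) {
    return { sameOrigin: false, reason: "Different protocol" };
  }
  if (a.host !== b.host) {
    // No suffix or parent-domain matching: the host must match exactly.
    return { sameOrigin: false, reason: "Different host" };
  }
  if (a.port !== b.port) {
    return { sameOrigin: false, reason: "Same protocol and host but different port" };
  }
  return { sameOrigin: true, reason: "Same protocol and host" };
}

// The source URL and compared URLs from the table, plus the question's hosts.
const SOURCE = "http://www.example.com/dir/page.html";
const ROWS = [
  "http://www.example.com/dir/page.html",
  "http://www.example.com/dir2/other.html",
  "http://www.example.com:81/dir2/other.html",
  "https://www.example.com/dir2/other.html",
  "http://en.example.com/dir2/other.html",
  "http://example.com/dir2/other.html",
  "http://v2.www.example.com/dir2/other.html",
];

function checkTable() {
  return ROWS.map((url) => ({ url, ...compareOrigins(SOURCE, url) }));
}

for (const r of checkTable()) {
  console.log(r.sameOrigin ? "Success" : "Failure", r.url, "-", r.reason);
}
console.log(compareOrigins("http://server1.MyDomain.com", "http://server2.MyDomain.com"));
```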



Answer 2:


Sure, you can run any script that you insert on your page, never mind where it comes from. Think about how to insert a Google map on your page.

What you describe is a pattern called JSONP, where a server on another host returns a script you insert in your page, and the script calls a function in your page with the response arguments.



Source: https://stackoverflow.com/questions/2543784/javascript-same-origin-policy-how-does-it-apply-to-different-subdomains
