问题
I know that cross-domain requests are disallowed for security reasons, but I was under the impression that only the top-level domain needed to match, that different sub-domains were okay. However, I am getting this error from Chrome 7:
"Unsafe JavaScript attempt to access frame with URL http://foo.somedomain.com/dir/page.html from frame with URL http://bar.somedomain.com/otherdir/otherpage.html. Domains, protocols and ports must match"
What exactly are the rules for these types of requests?
回答1:
In short, the rules of the same origin policy are:
- same host
- same port
- same protocol
In your example you are violating the host rule, as a different subdomain could point to a different host/ IP than another, even if the second level domain is the same.
If you have no other possibility, you could try to use JSONP in your ajax request; this doesn't have an SOP.
Reference
回答2:
No cross sub domain requests are not allowed in any browser. But there are some ways like CORS, using iframes, setting document.domain to make it work (although with some limitations).
来源:https://stackoverflow.com/questions/4025061/i-thought-cross-subdomain-ajax-requests-were-allowed-but-this-chrome-error-seem