How does Google's javascript API get around the cross-domain security in AJAX

半阙折子戏 2020-12-14 04:11

How does Google's API make cross-domain requests back to Google, when it's on your website?

5 answers
  •  既然无缘
    2020-12-14 04:47

    The accepted answer is wrong. Ben is correct. Below is the actual iframe node pulled off a page using the Google API JavaScript Client.

    
    

    Basic summary of how this works is here: http://ternarylabs.com/2011/03/27/secure-cross-domain-iframe-communication/. On modern browsers they utilize HTML postMessage to achieve communication, and on older browsers, they use a neat multiple-iframe-urlhash-read+write-combination hack. Ternary Labs have made a library which abstracts all the hacky stuff out, essentially giving you postMessage on all browsers.

    One day I'll build on top of this library to simplify cross-domain REST APIs...

    Edit: That day has come and XDomain is here - https://github.com/jpillora/xdomain
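
The iframe and postMessage arrangement described in the answer above, sketched from the proxy frame's side as an added example that is not part of the original answer and is not Google's or XDomain's code. The allowed origin, the `{id, path}` message shape and the `/api/` prefix are assumptions; the point is that the frame checks `event.origin` before acting and addresses its reply to that same origin.

```javascript
// Added example. ALLOWED_ORIGINS, the {id, path} message shape and the
// /api/ prefix are assumptions made for illustration.
const ALLOWED_ORIGINS = new Set(["https://app.example.com"]); // constructed value

// Returns the request if the sender and the message shape are acceptable, else null.
function validateRequest(event, allowedOrigins) {
  // event.origin is set by the browser and cannot be forged by the sending page.
  if (!allowedOrigins.has(event.origin)) return null;
  const msg = event.data;
  if (!msg || typeof msg.id !== "number" || typeof msg.path !== "string") return null;
  // Only same-origin API paths: no absolute URLs, no "//host", no traversal.
  if (!msg.path.startsWith("/api/") || msg.path.includes("..")) return null;
  return { id: msg.id, path: msg.path };
}

// fetchSameOrigin is injected so the handler can be exercised outside a browser.
function makeProxyHandler(allowedOrigins, fetchSameOrigin) {
  return async function onMessage(event) {
    const req = validateRequest(event, allowedOrigins);
    if (req === null) return false; // drop silently, no reply to unknown senders
    let reply;
    try {
      reply = { id: req.id, ok: true, body: await fetchSameOrigin(req.path) };
    } catch (err) {
      reply = { id: req.id, ok: false, error: String(err && err.message) };
    }
    // Address the reply to the validated origin, never "*".
    event.source.postMessage(reply, event.origin);
    return true;
  };
}

// Browser wiring, inside the iframe document served from the API's own origin.
if (typeof window !== "undefined") {
  window.addEventListener("message", makeProxyHandler(ALLOWED_ORIGINS,
    (path) => fetch(path).then((r) => r.text())));
}
```

The embedding page does the mirror image: it posts to the iframe's `contentWindow` with the API origin as `targetOrigin` and ignores any `message` event whose `origin` is not that API origin.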
