问题
I have a siteA, and JS in siteB. The siteB JS get the siteB domain to return JSON in AJAX POST request. Then, base on the information in siteB domain, and use the siteB JS inject into site A website via some create document technique in JS. If it is violate the same origin policy, any other suggestions? Thank you.
(I only have the right to control siteB.)
回答1:
People generally think about three origins when dealing with this sort of thing:
- The Page (http://example.com/)
- The Script (http://example.net/foo.js)
- The Data (http://example.net/bar.json)
There is often confusion about which ones are compared when working out if the "same" origin is being used. Only the origin of the page and the data matter. Where the script itself is loaded from is irrelevant.
In this case:
- The Page: A
- The Script: B (irrelevant)
- The Data: B
Since the page and the data come from different origins, you cannot read the data from the page.
Since you want to make a POST request: Proxy the HTTP request through A. (JSON-P, the other classic cross-domain Ajax technique, is strictly limited to GET requests.)
You could also consider using Cross-Origin Resource Sharing which allows you to override the Same Origin Policy, but has limited browser support.
回答2:
you can use a bridge server-side. create a file in php/asp in site A that call (like through curl) your other site B.
回答3:
You can't use javascript from one domain to modify the content of another website on another domain. If you control both sites (and I hope you do), you can use javascript from B to push data to site B's server, and then use inter-server communication to update A's server, and hence update A's content.
来源:https://stackoverflow.com/questions/7163162/about-same-origin-policy-can-i-do-this