If a.com loaded b.com/b.js as an external source. What is the domain within j.js? a.com, b.com or both?
如果a.com将b.com/b.js作为外部源加载。 j.js中的域名是什么? a.com,b.com或两者兼而有之?
2 个解决方案
#1
1
JavaScript runs on the client side. If it looks at window.location
it will see the current site - if that wasn't the case, all our JS from CDN's would point to the CDN's :)
JavaScript在客户端运行。如果它查看window.location它将看到当前站点 - 如果不是这样的话,我们所有来自CDN的JS都会指向CDN的:)
#2
1
example.com can load any resource from any domain, but the code still has the same origin policy so it can only talk to example.com. You do not get special rights by loading it from the other domain.
example.com可以从任何域加载任何资源,但代码仍然具有相同的源策略,因此它只能与example.com通信。您无法通过从其他域加载来获得特殊权限。
Imagine if linking to a file would all of the sudden allow cross domain talking. If that was the case, any site could link to a JS file of a bank, email provider, etc and be able to make Ajax calls behind the scenes. Not good!
想象一下,如果链接到一个文件会突然允许跨域通话。如果是这种情况,任何站点都可以链接到银行,电子邮件提供商等的JS文件,并能够在幕后进行Ajax调用。不好!
One great reason for loading content from another domain is cookies are not sent, meaning smaller payload. Also if you are loading from a CDN, people may already have the files in their browser's cache so no download time!
从另一个域加载内容的一个重要原因是没有发送cookie,这意味着更小的有效负载。此外,如果您从CDN加载,人们可能已经将文件放在浏览器的缓存中,因此没有下载时间!
If you are looking to make cross domain calls, you either need to look at JSONP, CORS, or proxies.
如果您要进行跨域调用,则需要查看JSONP,CORS或代理。
#1
1
JavaScript runs on the client side. If it looks at window.location
it will see the current site - if that wasn't the case, all our JS from CDN's would point to the CDN's :)
JavaScript在客户端运行。如果它查看window.location它将看到当前站点 - 如果不是这样的话,我们所有来自CDN的JS都会指向CDN的:)
#2
1
example.com can load any resource from any domain, but the code still has the same origin policy so it can only talk to example.com. You do not get special rights by loading it from the other domain.
example.com可以从任何域加载任何资源,但代码仍然具有相同的源策略,因此它只能与example.com通信。您无法通过从其他域加载来获得特殊权限。
Imagine if linking to a file would all of the sudden allow cross domain talking. If that was the case, any site could link to a JS file of a bank, email provider, etc and be able to make Ajax calls behind the scenes. Not good!
想象一下,如果链接到一个文件会突然允许跨域通话。如果是这种情况,任何站点都可以链接到银行,电子邮件提供商等的JS文件,并能够在幕后进行Ajax调用。不好!
One great reason for loading content from another domain is cookies are not sent, meaning smaller payload. Also if you are loading from a CDN, people may already have the files in their browser's cache so no download time!
从另一个域加载内容的一个重要原因是没有发送cookie,这意味着更小的有效负载。此外,如果您从CDN加载,人们可能已经将文件放在浏览器的缓存中,因此没有下载时间!
If you are looking to make cross domain calls, you either need to look at JSONP, CORS, or proxies.
如果您要进行跨域调用,则需要查看JSONP,CORS或代理。