Problem description
I know that cross-domain requests are disallowed for security reasons, but I was under the impression that only the top-level domain needed to match, that different sub-domains were okay. However, I am getting this error from Chrome 7:
"Unsafe JavaScript attempt to access frame with URL http://foo.somedomain.com/dir/page.html from frame with URL http://bar.somedomain.com/otherdir/otherpage.html. Domains, protocols and ports must match"
What exactly are the rules for these types of requests?
In short, the rules of the same origin policy are:
- same host
- same port
- same protocol
In your example you are violating the host rule, as a different subdomain could point to a different host/IP than another, even if the second-level domain is the same.
If you have no other possibility, you could try to use JSONP in your ajax request; this doesn't have an SOP.
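The three rules listed in the answer, applied to the two URLs from the Chrome error and a few other pairs, as an added example that is not part of the original question or answer. The names `originTuple`, `compareOrigins` and `DEFAULT_PORTS` are chosen for this example, and every URL pair other than the first is constructed.

```javascript
// Added example: report which same-origin rule (protocol, host, port) a URL pair breaks.
// DEFAULT_PORTS, originTuple and compareOrigins are names chosen for this example.
const DEFAULT_PORTS = { 'http:': '80', 'https:': '443' };

function originTuple(urlString) {
  const u = new URL(urlString);
  return {
    protocol: u.protocol,
    host: u.hostname.toLowerCase(),
    // URL.port is '' when the URL uses the default port of its scheme,
    // so fill the default in to compare explicit and implicit ports fairly.
    port: u.port || DEFAULT_PORTS[u.protocol] || '',
  };
}

function compareOrigins(a, b) {
  const ta = originTuple(a);
  const tb = originTuple(b);
  // Paths and query strings are ignored: only the three components count.
  const differs = ['protocol', 'host', 'port'].filter((k) => ta[k] !== tb[k]);
  return { sameOrigin: differs.length === 0, differs };
}

// The first pair is the one from the Chrome error above; the rest are constructed.
const samples = [
  ['http://foo.somedomain.com/dir/page.html',
   'http://bar.somedomain.com/otherdir/otherpage.html'],
  ['http://foo.somedomain.com/dir/page.html',
   'http://foo.somedomain.com/otherdir/otherpage.html'],
  ['http://foo.somedomain.com/', 'https://foo.somedomain.com/'],
  ['http://foo.somedomain.com/', 'http://foo.somedomain.com:8080/'],
  ['http://foo.somedomain.com:80/', 'http://foo.somedomain.com/'],
];

for (const [a, b] of samples) {
  const r = compareOrigins(a, b);
  const verdict = r.sameOrigin
    ? 'same origin'
    : 'different origin (' + r.differs.join(', ') + ')';
  console.log(a + '  vs  ' + b + '  ->  ' + verdict);
}
```

Switching from `http` to `https` is reported as both a protocol and a port difference, because the default port changes with the scheme.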