Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
239 views
in Technique[技术] by (71.8m points)

javascript - Why is the HTML SCRIPT tag not subject to the same origin policy

I am asking this questions because we will develop an application that is supposed to share cross origin data via javascript. One possible solution seems JSONP as it uses SCRIPT tags pull data from other domains. However, I would like to avoid the situation that we implement our awesome code on the assumption that the SCRIPT tag is not subject to sop and at some point browsers prohibit this functionality.

Can anybody shed some light on what is the reason for the SCRIPT tag to allow cross domain requests?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

I suppose this draft titled "Principles of the Same-Origin Policy" explains (albeit briefly) what's pretty much in everyone's head:

In principle, user agents could treat every URL as a separate principal and isolate each document from every other URL unless the document explicitly indicated that it trusted that URL. Unfortunately, this design is cumbersome for developers because web applications often consist of a number of resource acting in concert.

As an approximation, user agents group URLs together into protection domains called origins. In particular, two URLs are part of the same origin (i.e., represent the same principal) if they have the same scheme, host, and port.

In short: it would be much harder to build the Web if everything was subject to SOP.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...