Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
132 views
in Technique[技术] by (71.8m points)

javascript - Same origin policy

Maybe some of you can help me get a better understanding of the javascript same origin policy.

The same origin policy is defined as following (http://en.wikipedia.org/wiki/Same_origin_policy):

In computing, the same origin policy is an important security concept for a number of browser-side programming languages, such as JavaScript. The policy permits scripts running on pages originating from the same site to access each other's methods and properties with no specific restrictions, but prevents access to most methods and properties across pages on different sites.

I have deployed a GWT application to the Google App Engine with url

http://metalsandstocks.appspot.com

Since GWT compiles all java into javascript this means my app is deployed as javascript. Since this is an ajax application I assumed that it would be required to abide by the same origin policy. The app uses ajax to make calls to a different domain(http://finance.yahoo.com)in order to get real-time stock quotes for dispaly to the user. The app works as described yet it has a different domain than the one it calls for it's updates. Does this app violate the same origin policy? Why or why not?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

You can get Yahoo Finance using JSONP, so that is most definitely what you are using.

An example URL is...

http://d.yimg.com/autoc.finance.yahoo.com/autoc?query=Apple&callback=YAHOO.Finance.SymbolSuggest.ssCallback

When the request has loaded, it will call the callback you define in the GET param. This allows you to work around same origin policy, provided the service has support for JSONP.

Alternatively, some people use their server as a proxy.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...