[英]Confusion about Chrome's same origin policy: how to get rid of it without asking the user disable security in Chrome?
I am confused : I am developping a web app (HTML/CSS/JS) that loads google+ platform api scripts to create a single log on. 我很困惑:我正在开发一个Web应用程序(HTML / CSS / JS),它可以加载google + platform api脚本来创建单个登录。 It works in firefox but not in Chrome because of the "same origin policy" and I get the "Blocked a frame with origin..." errors. 它适用于Firefox,但不适用于Chrome,因为“相同的原始政策”,我得到了“阻止原始框架......”错误。
I am not gonna expect the user to start their Chrome with an option like "--disable-web-security"... , do I ? 我不希望用户使用像“--disable-web-security”这样的选项启动他们的Chrome ... ,是吗? ;-) ;-)
So I am confused : How do I get this to work with Chrome ? 所以我很困惑:如何让它与Chrome一起使用?
For example : if I try to load : 例如:如果我尝试加载:
<script type="text/javascript">
(function() {
var po = document.createElement('script'); po.type = 'text/javascript'; po.async = true;
po.src = 'https://apis.google.com/js/client:plusone.js';
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(po, s);
})();
</script>
I get : 我明白了:
Blocked a frame with origin "https://apis.google.com" from accessing a frame with origin "https://boardlineapp.com". Protocols, domains, and ports must match.
检查您的域协议是否为https:
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.