第 3 方 javascript 设置 document.cookie
[英]3rd party javascript setting document.cookie
问题描述
Here is the situation I'm trying to figure out:
这是我试图弄清楚的情况:
I have page 'ABC.html' that is loaded from foo.com/ABC.html.我有从 foo.com/ABC.html 加载的页面“ABC.html”。 It has a script tag that loads javascript from bar.com.它有一个脚本标签,可以从 bar.com 加载 javascript。 The javascript loaded from bar.com sets document.cookie to something say: "baz => cookieValue" and it DOES NOT set the domain.从 bar.com 加载的 javascript 将 document.cookie 设置为以下内容:“baz => cookieValue”并且它没有设置域。
If I understand correctly, because a domain wasn't specified, when setting document.cookie, the cookie defaults to the origin domain of 'foo.com'.如果我理解正确,因为没有指定域,所以在设置 document.cookie 时,cookie 默认为 'foo.com' 的原始域。
So now, page ABC.html has its own javascript and in this javascript it's going to make an ajax call.所以现在,页面 ABC.html 有它自己的 javascript 并且在这个 javascript 中它将进行 ajax 调用。
My question is: when it makes that ajax call does it send the "baz => cookieValue" cookie set from the javascript loaded from bar.com?我的问题是:当它进行 ajax 调用时,它是否发送从 bar.com 加载的 javascript 设置的“baz => cookieValue”cookie?
Thank you for any help.感谢您的任何帮助。
1 个解决方案
解决方案1
1 2016-03-28 20:19:08
No cookie gets set for bar.com;没有为 bar.com 设置 cookie; the cookie is set for foo.com and will be included in the AJAX connection to foo.com.该 cookie 是为 foo.com 设置的,并将包含在到 foo.com 的 AJAX 连接中。
The script executes in the foo.com origin, no matter where it was loaded from.脚本在 foo.com 源中执行,无论它是从哪里加载的。 Only iframes and pop-up windows can execute scripts in different origins from the parent page.只有 iframe 和弹出窗口可以从父页面执行不同来源的脚本。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.