Google Data js客户端如何访问供稿而没有任何同源策略问题?
[英]How can Google Data js-client access feeds without any same-origin-policy issue?
问题描述
I've been reading about the JavaScript Client Library for Google Data Protocol and it seems that it can access any Google service that has a proper interface (Docs, Spreadsheets, Calendar etc.) 
我一直在阅读有关Google数据协议的JavaScript客户端库的信息,看来它可以访问具有适当接口(文档,电子表格,日历等)的任何Google服务。
If I use this client in my own application hosted on my own domain, how does the js client library get around the same-origin-policy that seems to be violated? 如果我在自己的域中托管的自己的应用程序中使用此客户端,那么js客户端库如何绕过似乎违反的同源策略? Is it because the client library code itself is hosted on the Google top level domain that this works? 是否因为客户端库代码本身托管在Google顶级域上才起作用?
2 个解决方案
解决方案1
1 2010-08-12 15:59:41
THe same-origin policy does not stop your Javascript from making requests to other sites (which respond eg in XML or JSON, as google data does) and receiving and processing the resulting data. 同源策略不会阻止您的Javascript向其他网站(例如Google数据那样以XML或JSON响应的网站)发出请求并接收和处理结果数据。 Rather, to quote this page , 而是引用此页面 ,
The same origin policy prevents a document or script loaded from one origin from getting or setting properties of a document from another origin.
Since no such "getting or setting properties of a document" occurs in google data, the same-origin policy does not impede it. 由于在Google数据中没有发生这样的“获取或设置文档的属性”,因此同源政策不会对其加以阻止。
解决方案2
0 2011-02-07 05:45:17
They might be using JSONP to get around it: 他们可能正在使用JSONP来解决它:
What is JSONP all about? JSONP的全部含义是什么?
Or they could be using the 'Access-Control-Allow-Origin' header. 或者他们可能正在使用“ Access-Control-Allow-Origin”标头。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.