
Relaxing same-origin policy

According to this Wikipedia article, there are three methods of relaxing the SOP. However, the article doesn't discuss the advantages or drawbacks of any of them.

  1. Setting document.domain property
  2. Switching to Cross-Origin Resource Sharing
  3. Implementing Cross-document messaging

I wonder which one to pick. Are all of them implemented today? Are they supported? When to pick which? What to look out for when using them? Etc.

  1. You cannot set document.domain property directly (browser does that for you) or am I missing something? This would be a serious security issue. Thus this is not really an option for cross-origin scripting.
  2. The way to go if you intend to communicate with different domains from one iframe (basically making cross-domain AJAX calls).
  3. This allows you to communicate between iframes inside one page. If you only need that, then this is a way to go. Read also this for more details: Benefit of CORS over cross-domain messaging

All of them are implemented in all major browsers. All are supported. Which one to pick? If you have access to the server side, then CORS is my preferred way to go. At the end of the day it depends on exactly what you want to do.
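
On the "what to look out for" part of the question, for options 2 and 3: the sketch below is an added example, not part of the question or the answer above. It shows an exact-match origin allowlist applied both to CORS response headers on the server and to a cross-document message listener. The origins, function names and sample events are constructed assumptions.

```javascript
// Added example; the origins below are constructed placeholders.
const ALLOWED_ORIGINS = new Set(["https://app.example.com", "https://admin.example.com"]);

// Option 2 (CORS), server side: decide which response headers to send for a
// cross-origin request. Exact-match against an allowlist instead of echoing
// whatever Origin the client sent or answering "*".
function corsHeaders(requestOrigin, { credentials = false } = {}) {
  if (!requestOrigin || !ALLOWED_ORIGINS.has(requestOrigin)) {
    return {}; // no CORS headers: the browser blocks the cross-origin read
  }
  const headers = {
    "Access-Control-Allow-Origin": requestOrigin,
    "Vary": "Origin", // caches must not reuse this response for another origin
  };
  if (credentials) headers["Access-Control-Allow-Credentials"] = "true";
  return headers;
}

// Option 3 (cross-document messaging), receiver side: build a "message"
// listener that drops events from unexpected origins before touching the data.
function makeMessageHandler(onTrusted) {
  return function (event) {
    if (!ALLOWED_ORIGINS.has(event.origin)) return false; // ignore silently
    if (typeof event.data !== "object" || event.data === null) return false;
    onTrusted(event.data, event.origin);
    return true;
  };
}

// In a browser: window.addEventListener("message", makeMessageHandler(fn));
// The sender names the recipient origin explicitly rather than "*":
//   frame.contentWindow.postMessage({ type: "ping" }, "https://app.example.com");

// Constructed sample inputs so the block runs under Node without a DOM.
const received = [];
const handler = makeMessageHandler((data, origin) => received.push({ data, origin }));
handler({ origin: "https://app.example.com", data: { type: "ping" } });
handler({ origin: "https://app.example.com.other.test", data: { type: "ping" } });
console.log(corsHeaders("https://app.example.com", { credentials: true }));
console.log(corsHeaders("https://app.example.com.other.test"));
console.log(received);
```

The lookalike origin `https://app.example.com.other.test` gets no CORS headers and its message is dropped, which a prefix or substring comparison would not guarantee.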
