谷歌分析如何避免相同的原始政策?
[英]How does google analytics avoid same origin policy?
问题描述
I had an idea for a project involving a Javascript terminal utilising a specified PHP script as a server to carry out remote functions. 
我想到了一个涉及Javascript终端的项目,该终端利用指定的PHP脚本作为服务器来执行远程功能。 I understand that the same origin policy would be an obstacle with such a project, but looking at google analytics, which I use every day, it seems they have a way of avoiding the problem on a huge scale. 我知道同样的原始政策会成为这样一个项目的障碍,但是看看我每天使用的谷歌分析,似乎他们有办法大规模地避免这个问题。
3 个解决方案
解决方案1
14 2012-12-01 15:04:10
The modern way to allow cross-domain requests is for the server to respond with the following header to any requests: 允许跨域请求的现代方法是服务器使用以下标头响应任何请求:
Access-Control-Allow-Origin: *
This allows requests from any hosts, or alternatively a specific host can be used instead of * . 这允许来自任何主机的请求,或者可以使用特定主机而不是* 。 This is called Cross Origin Resource Sharing (CORS). 这称为跨源资源共享(CORS)。 Unfortunately it's not supported in older browsers, so you need hacks to work around the browser in that case (like a commenter said perhaps by requesting an image). 不幸的是,它在旧版浏览器中不受支持,因此在这种情况下你需要通过黑客来解决浏览器问题(就像评论者所说,可能是通过请求图像)。
解决方案2
13 已采纳 2012-12-01 15:17:02
Google Analytics, Google AdWords and practically all other analytics/web-marketing platforms use <img> tags. Google Analytics,Google AdWords和几乎所有其他分析/网络营销平台都使用<img>标记。
They load their JS programs, those programs handle whatever tracking you put on the page, then they create an image and set the source of the image to be equal to whatever their server's domain is, plus add all of your tracking information to the query string. 他们加载他们的JS程序,这些程序处理你在页面上放置的任何跟踪,然后他们创建一个图像并将图像的源设置为等于他们的服务器的域,并将所有跟踪信息添加到查询字符串。
The crux is that it doesn't matter how it gets there: 关键是它如何到达那里并不重要:
the server is only concerned about the data which is inside of the URL being called, and the client is only concerned about making a call to a specific URL, and not in getting any return value. 服务器只关心被调用的URL内部的数据,客户端只关心调用特定的URL,而不是获取任何返回值。
Thus, somebody chose <img> years and years ago, and companies have been using it ever since. 因此,有人选择<img>多年前,公司一直在使用它。
解决方案3
-1 2015-04-18 06:53:24
You can get codes from third-party sites, but collecting data with them is restricted by the policy . 您可以从第三方站点获取代码,但使用它们收集数据受策略限制。
Google collects data with "_gaq" function array embedded by the 1st-orgine-site, and then Google sends the collected data as they are embedded in the http-request parameters. Google使用第一版网站嵌入的“_gaq”函数数据收集数据,然后Google将收集到的数据发送到http-request参数中。
http://www.google-analytics.com/__utm.gif?utmwv=4&utmn=769876874&utmhn=example.com&utmcs=ISO-8859-1&utmsr=1280x1024&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=9.0%20%20r115&utmcn=1&utmdt=GATC012%20setting%20variables&utmhid=2059107202&utmr=0&utmp=/auto/GATC012.html?utm_source=www.gatc012.org&utm_campaign=campaign+gatc012&utm_term=keywords+gatc012&utm_content=content+gatc012&utm_medium=medium+gatc012&utmac=UA-30138-1&utmcc=__utma%3D97315849.1774621898.1207701397.1207701397.1207701397.1%3B...
Google demonstrates clearly how tracking works. Google清楚地展示了跟踪如何运作。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.