Limitations of the browser's same-origin policy and how they are overcome.
Note that the same-origin policy only applies to HTML documents.
Avoiding the same-origin policy: JSON and the dynamic script tag.
The problem is the same-origin policy.
One of the major constraints of Ajax is the notorious same-origin policy.
The tag would be able to access third-party resources, exempt from the Same Origin Policy.
The same-origin policy prevents a website from one domain from requesting data belonging to another domain.
After being fetched, however, the content in the frames is subject to the limitations of the same-origin policy.
Using the tag to circumvent the Same Origin Policy allows the client to retrieve content from third parties.
To have a Web page retrieve content from third-party sources, you must circumvent the Same Origin Policy.
The same-origin policy prevents a script loaded from one domain from reading or manipulating properties of a document from another domain.
To the Web application developer, it might look as though there were no same-origin policy at all.
You can bypass the same-origin policy in many ways; we'll illustrate some of them later in the article.
Some of the proposed solutions include relaxing the same-origin policy in the browser while adding additional controls.
Modern browsers use a same-origin policy that only permits subsequent requests to be issued to the same domain the page originated from.
JSONP is an effective cross-domain communication technique that bypasses the same-origin policy limitations of current browsers.
Being a Web application, our example is limited by the same-origin policy enforced by all current browsers.
This is the Same Origin Policy, which all browsers implement.
The scalability benefit of the tag comes at the cost of sidestepping the Same Origin Policy security model, which introduces potential vulnerabilities to attack.
In this article, we provided an overview of the different ways in which Web 2.0 applications avoid the same-origin policy.
Helen Wang from the Systems and Networking group at Microsoft Research goes further into the failings of the same-origin policy.
The same-origin policy fails by forcing 'Web applications today to either sacrifice security or functionality.'
Due to the Same Origin Policy, a browser script can talk only to the server it originated from.
The browser's same-origin policy does not prevent CSRF attacks, because the attack requests are sent to the same origin, with the browser acting as a proxy for the intruding third-party site.
Because of the same-origin policy, you cannot use XMLHttpRequest to communicate with external servers.
When restricted by the browser's Same Origin Policy, the server that hosts the application must itself take on the task of fetching the third-party content and sending it to the client.
In Part 1 of this series, we introduced JSONP as an effective cross-domain communication technique, one that lets you bypass the same-origin policy limitations imposed by current browsers.
The same-origin policy is the part of the current browser protection mechanism that isolates Web applications coming from different domains, under the assumption that domains represent originators.
To access all of this eBay data from your Web application, you will need to deal with the browser's same-origin policy by using a generic proxy.
JSON with Padding (JSONP) is a way to bypass the same-origin policy by using JSON in combination with the tag, as shown in Listing 1.