The problem is the same origin policy.
This is the Same Origin Policy, which all browsers implement.
Due to the same-origin policy, the browser script can talk only to the server where it originates.
Being a Web application, our example is limited by the same origin policy enforced by all browsers.
CORS does not prevent CSRF; all it does is relax the restrictions enforced by the Same Origin Policy.
To have a Web page retrieve content from third-party sources, you must circumvent the Same Origin Policy.
Use of the tag to circumvent the Same Origin Policy allows the client to retrieve content from third parties.
The scalability benefit of the tag comes at the cost of sidestepping the Same Origin Policy security model, introducing potential attack vulnerabilities.
Additionally, the window's content must be on the same origin as the document you're interacting with it from, or you'll be blocked by the same-origin policy.
This limitation is known as the same origin server security policy.
Some of the solutions proposed include relaxing the same-origin policy in the browser coupled with adding additional controls.
In Part 1 of this series, we introduced JSONP as an effective cross-domain communication technique, one that lets you bypass the same-origin policy limitations imposed by the current browsers.
The same-origin policy prevents a script loaded from one domain from getting or manipulating properties of a document from another domain.
You can bypass the same-origin policy in many ways; we'll illustrate some of these ways later in the article.
The same-origin policy prevents websites from one domain from requesting data belonging to another domain.
When restricted by the browser's same-origin policy, the same server that hosts the application must take on the task of fetching the third-party content and sending it to the client.
Modern browsers use a same origin policy that only permits subsequent requests to be issued to the same domain where the page originated.
The browser's same-origin policy does not prevent CSRF attacks because the attack requests are transmitted to the same origin on behalf of the intruding third-party site.
After being fetched, however, the content in the frames would be subject to the same-origin policy limitations.
Note that the same-origin policy only applies to HTML documents.
Helen Wang from the systems and networking group at Microsoft Research goes further into the failing of the same-origin policy.
The same-origin policy is the part of the current browser's protection mechanism that isolates Web applications coming from different domains under an assumption that domains represent originators.
The URL of this Worker script is limited by the browser's same-origin policy: it must come from the same domain as the page that loaded the page script that is creating the Web Worker.
In this article, we provided an overview of different ways in which Web 2.0 applications avoid the same-origin policy.
In order to overcome the same-origin policy, the portlet uses the Ajax proxy layer to access these domains.
To access all of this eBay data from your Web application, you will need to deal with the browser's same origin policy by using a generic proxy.
To the Web application developer, it might look like he doesn't have the same-origin policy at all.
Limitations of the browser same-origin policy and how these are overcome.
One of the major constraints of Ajax is the notorious same origin policy.
JSONP as an effective cross-domain communication technique, bypassing the same-origin policy limitations.