浏览器的同源策略

Leave a Comment / Security / July 2, 2010

如果脚本试图向本站(域名、端口相同)发送HTTP请求,浏览器会允许发出这种请求并返回响应

如果脚本试图向他站发送HTTP请求,浏览器仍会允许发出请求,但并不会返回响应

但是,可以通过以下代码绕过这个限制: 

    var s = document.createElement("SCRIPT");
    document.getElementsByTagName("HEAD")[0].appendChild(s);
    s.src="http://xxx.com/someJson.do";

Leave a Comment

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.