Why are cross-domain AJAX calls not allowed?

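Apart from JSONP, why is the same-domain policy enforced?
The same-origin policy is enforced for security reasons; quoting the relevant sentences from Wikipedia: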

This mechanism bears a particular significance for modern web applications that extensively depend on HTTP cookies to maintain authenticated user sessions, as servers act based on the HTTP cookie information to reveal sensitive information or take state-changing actions. A strict separation between content provided by unrelated sites must be maintained on client side to prevent the loss of data confidentiality or integrity.

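Basically, you don't want any given website (like any website you might be surfing, and we all know that people sometimes end up on websites you should not trust) to be able to access data from any other website, or an account on a social network.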
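An added example, not part of the original answer: a toy JavaScript model of the reasoning above, showing that a cookie-authenticated server cannot tell which page triggered a request, so the browser has to withhold the response from scripts of another origin. The hosts, the cookie value and the functions `mailServer` and `ajax` are constructed for illustration; CORS and SameSite cookie rules are deliberately left out.

```javascript
// Toy model of a browser and a server; all names and data are constructed.
const DEFAULT_PORTS = { 'http:': '80', 'https:': '443' };

// An origin is the (scheme, host, port) triple of a URL.
function originOf(url) {
  const u = new URL(url);
  const port = u.port || DEFAULT_PORTS[u.protocol] || '';
  return `${u.protocol}//${u.hostname}:${port}`;
}

function sameOrigin(a, b) {
  return originOf(a) === originOf(b);
}

// Constructed server: it reveals the mailbox to any request that carries a
// valid session cookie. It has no idea which page caused the request.
function mailServer(request) {
  return request.cookie === 'session=alice-token'
    ? { status: 200, body: 'inbox of alice' }
    : { status: 401, body: 'login required' };
}

// Constructed browser: cookies are stored per host and attached to every
// request to that host, whichever page's script issued it.
function ajax(pageUrl, targetUrl, cookieJar, enforceSameOrigin) {
  const host = new URL(targetUrl).hostname;
  const response = mailServer({ cookie: cookieJar[host] });
  if (enforceSameOrigin && !sameOrigin(pageUrl, targetUrl)) {
    // The calling script receives an error instead of the data.
    return { readable: false, body: null };
  }
  return { readable: true, body: response.body };
}

// Constructed sample data: the user is logged in to mail.example.
const jar = { 'mail.example': 'session=alice-token' };
const other = 'https://untrusted.example/page';
const mail = 'https://mail.example/inbox';

console.log('policy enforced :', ajax(other, mail, jar, true));
console.log('policy disabled :', ajax(other, mail, jar, false));
console.log('same-origin page:', ajax('https://mail.example/app', mail, jar, true));
```
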
