Can an External JS file circumvent the same-origin policy?
I'm currently creating an API that requires the user to include an external javascript file from my server. However, the file requires that it calls an AJAX function (开发者_如何转开发located in the external javascript file) that pulls the user's API data from my server and outputs it on to their webpage.
Will I run into trouble regarding the same-origin policy? If so, are there any alternatives?
The policy is simple a same-domain policy, so, you shouldn't have a problem. For example, most webmasters load jQuery from Google's CDN, as they should, and they still use jQuery's Ajax with it. Hope that answers your question! (Sometimes I am completely oblivious to the actual question, so... hope it helps)
精彩评论