开发者

jQuery Cross Domain Errors

We are doing a jQuery post out to a jsp file.

We are including the full url to the jsp file that will return a string but in IE and FF the request is being blocked.

Is there a way around this?

            $.ajax(
                {
                    type : "post",
                    url  : "http://www.mydomain.com/my.j开发者_运维百科sp",
                    data : {string:"some string"},
                    success:doSuccess
                }

Changing the post to a get net's us the same data but would it also cause an XSS issue?

does using $.get have XSS issues?


You can reformat your output as JSONP. Full description here:

http://api.jquery.com/jQuery.getJSON/

Just for reference, the reason that your browsers are blocking this is to prevent cross domain scripting attacks: http://en.wikipedia.org/wiki/Cross-site_scripting . JSONP adds 'padding' to your string and prevents the string becoming a threat.


Are you doing a cross domain ajax request? What is the domain of the page which request the ajax resource?

Due to security reasons, support for cross domain ajax requests are limited.

This may give some input to you.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜