Summary of cross-domain access issues between AJax and Jsonp

#JavaScript's AJax

AJAX is "Asynchronous Javascript And XML" (Asynchronous JavaScript and XML)
An important technology used in designing AJax is the XMLHttpRequest object.

xmlhttp = new ActiveObject("Microsoft.XMLHTTP"); // Creation method supported by IE browser
xmlhttp = new XMLHTTPRequest( ); // Creation method supported by FireFox, Opera and other browsers
XMLHttp is a set of APIs that can transmit or receive XML and other data through http protocol in scripting languages such as Javascript, VbScript, Jscript and so on. Can be used to simulate http GET and POST requests.
You can determine whether the window.XMLHttpRequest object is available and then create an XMLHttpRequest object.

JQuery's AJax

$.General form of ajax

$.ajax({ type: 'POST', url: url , data: data , dataType: dataType success: success , });

When the scene is different, we need to use Ajax instead. 1. Assemble json data. 2. Serialize table content. var formParam = $("#form1").serialize(); 3. Splice URLs. . . For example, when there are special strings (such as &) in our data, string splicing is not easy to use, which may make the submitted content incomplete. At this time, it will be easier to use Json.

Using jsonp to achieve cross-domain access


What is Jsonp? What does

How does jsonp achieve cross-domain access?

First explain why Ajax cannot be accessed across domains and why browsers restrict cross-domain access.

Assuming that the browser supports cross-domain access, we can access site B through XmlHttpRequest at site A. At this time, we have passed the verification of site B and obtained the cookie of site B. Then we can freely When you visit site B, site A can impersonate site B to perform all operations on site B that do not require further verification. This is quite dangerous.

How do we obtain cross-domain data?

We found that when calling js files on a Web page, it is not affected by whether it is cross-domain (not only that, we also found that all tags with the "src" attribute have cross-domain capabilities, such as script, img, iframe, etc. We can use this property of js to obtain the data we want.

In order to facilitate the client to use data, an informal transmission protocol has gradually formed. People call it JSONP. One of the key points of this protocol is to allow users to pass a callback parameter to the server. Then when the server returns data, it will use this callback parameter as a function name to wrap the JSON data, so that the client can customize it at will. Use your own function to automatically process the returned data.

Let’s take a look at what jsonp does.

1. We know that even cross-domain js files. The code in (of course it complies with the web script security policy), the web page can also be executed unconditionally. There is a remote.js file in the root directory of the remote server remoteserver.com with the following code:

alert('I am Remote file');

localHandler({"result":"I am the data brought by remote js"});

response.getWriter. print(callback + "(" + json +")");

flightHandler({ "code": "CA1998", "price": 1780, "tickets": 5 });

How to obtain cross-domain data through JSONP in jQuery

$.ajax({ dataType: 'jsonp', jsonp:'callback', url: 'http://www.a.com/user?id=123', success: function(data){ //处理data数据 } });

第二种方法是利用getJSON来实现，只要在地址中加上callback=?参数即可：

$.getJSON('http://www.a.com/user?id=123&callback=?', function(data){ //处理data数据 });

也可以简单地使用getScript方法：

//此时也可以在函数外定义foo方法 function foo(data){ //处理data数据 } $.getJSON('http://www.a.com/user?id=123&callback=foo');

JSONP的应用

JSONP在开放API中可以起到非常重要的作用，开放API是运用在开发者自己的应用上，而许多应用往往是在开发者的服务器上而不是在新浪微博的服务器上，因此跨域请求数据成为开发者们所需要解决的一大问题，广大开放平台应该实现对JSONP的支持，这一点新浪微博开放平台便做的非常好（虽然某些API里没有说明，但实际上是可以使用JSONP方式调用的）。

更多AJax与Jsonp跨域访问问题小结相关文章请关注PHP中文网！