3

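I'm building an AJAX application to query an OData endpoint. I've been doing some tests with the Netflix OData feed and found something I don't get:

When I make an .ajax() request to a URL (e.g. http://odata.netflix.com/v1/Catalog/Titles), I get the error: "Origin null is not allowed by Access-Control-Allow-Origin". However, when I put the same URL into the browser, the request goes through and I get a response.

What is the fundamental difference that I'm not getting? How does the browser get around the same origin policy?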

4

2 Answers

2

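I'm also using JSONP for Netflix's OData. It seems to work for my application. I've posted the code and an explanation on my blog at http://bit.ly/95HXLM

Here are some sample snippets as well: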

    // Make JSONP call to Netflix.
    // `query` holds the OData request URL; it is built earlier in the full code,
    // outside this excerpt.
    $.ajax({
        dataType: "jsonp",
        url: query,
        jsonpCallback: "callback",
        success: callback
    });

    // Invoked with the parsed response once the JSONP script has loaded.
    function callback(result) {
        // unwrap result
        var movies = result.d.results;

        // Clear the previous results, then render the template once per movie.
        $("#movieTemplateContainer").empty();
        $("#movieTemplate").tmpl(movies).appendTo("#movieTemplateContainer");
    }
answered 2010-12-14T02:54:00.707
1

The same origin policy applies to HTTP requests issued from within code loaded with pages from remote sites. That code is disallowed by the machine from issuing new requests for content from different domains, under the assumption that you, the user in control, were OK with fetching content from haxors.r.us, but you wouldn't want that site to issue HTTP requests to bankofamerica.com without your say-so. However, the browser should allow you, the user in control, to issue HTTP requests to anywhere. Indeed, with Humanity fading in the shadow of the Machine, I demand it. I demand it!

You can make requests to that URL from your server, and then pass along the response to your code on the client (after any sort of filtering or extraction your server code may choose to do). Alternatively, Netflix may support a JSONP API, which would allow your client-side code to issue GET requests as script fetches, with results to be interpreted as JavaScript code.

Also it should be noted that this policy has nothing at all to do with jQuery itself. It's a basic security rule on the XMLHttpRequest mechanism.

answered 2010-11-02T18:07:32.287
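
The server-side relay mentioned in the answer above, sketched as an added example that is not code from either answer or from Netflix: the page calls its own origin, so the XMLHttpRequest is same-origin, and the server fetches the feed with a fixed host and path so it cannot be used as an open proxy. It assumes Node 18+ (global `fetch`); the `/api/titles` route, the `$top` cap, the `FIELDS` names and all function names are hypothetical.

```javascript
// Added example: same-origin relay for the OData feed. Assumes Node 18+ (global fetch).
// The /api/titles route, the $top cap and the FIELDS list are assumptions.
const UPSTREAM = "http://odata.netflix.com/v1/Catalog/Titles"; // URL from the question
const FIELDS = ["Name", "ReleaseYear"]; // assumed field names to pass through

// Host and path are fixed; only allow-listed OData options are copied from the
// client, so the relay cannot be steered to another host or to a JSONP callback.
function buildUpstreamUrl(clientQuery) {
  const params = new URLSearchParams(clientQuery);
  const out = new URL(UPSTREAM);
  out.searchParams.set("$format", "json");
  const top = Number.parseInt(params.get("$top") ?? "10", 10);
  out.searchParams.set("$top", String(Number.isNaN(top) ? 10 : Math.min(Math.max(top, 1), 50)));
  const filter = params.get("$filter");
  if (filter !== null && filter.length <= 200) out.searchParams.set("$filter", filter);
  return out.toString();
}

// Unwrap d.results (the same shape the JSONP callback reads) and keep only
// primitive values of the allow-listed fields; anything unparsable yields [].
function extractTitles(bodyText) {
  let parsed;
  try { parsed = JSON.parse(bodyText); } catch { return []; }
  const rows = parsed && parsed.d && Array.isArray(parsed.d.results) ? parsed.d.results : [];
  return rows.filter((row) => row && typeof row === "object").map((row) =>
    Object.fromEntries(FIELDS.filter((f) => ["string", "number"].includes(typeof row[f]))
      .map((f) => [f, row[f]])));
}

// Request handler with the (req, res) signature of Node's http.createServer.
async function handler(req, res) {
  const url = new URL(req.url, "http://localhost");
  if (req.method !== "GET" || url.pathname !== "/api/titles") {
    res.writeHead(404).end();
    return;
  }
  try {
    const upstream = await fetch(buildUpstreamUrl(url.search), { redirect: "error" });
    const titles = extractTitles(await upstream.text());
    res.writeHead(200, { "Content-Type": "application/json" }).end(JSON.stringify(titles));
  } catch {
    res.writeHead(502).end();
  }
}

// Constructed sample of an upstream response body, for trying extractTitles offline.
const SAMPLE_BODY = JSON.stringify({ d: { results: [
  { Name: "Example Title", ReleaseYear: 2001, __metadata: { uri: "constructed" } }, null ] } });
```

To serve it, pass `handler` to `http.createServer` from the same server that delivers the page; no `Access-Control-Allow-Origin` header is needed because the browser never makes a cross-origin request.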