Why are cross-domain AJAX calls not allowed?

Popularity: 1,028 Published: 2022-09-11 Tags: jquery ajax same-origin-policy

Question

Except for JSONP, why is the same domain policy being followed?

Recommended answer

The Same Origin Policy has been implemented for security reasons; quoting a relevant sentence from Wikipedia:

This mechanism bears a particular significance for modern web applications that extensively depend on HTTP cookies to maintain authenticated user sessions, as servers act based on the HTTP cookie information to reveal sensitive information or take state-changing actions. A strict separation between content provided by unrelated sites must be maintained on client side to prevent the loss of data confidentiality or integrity.

Basically, you don't want any given website (like any website you might be surfing on -- and we all know people sometimes arrive on websites that you shouldn't trust) being able to access data from any other one (like your webmail, or account on a social network).

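
The separation described in the answer above, as an added example that is not part of the original answer: a simplified JavaScript model of the check a browser applies before letting page script read an AJAX response. It goes beyond the answer by also covering the CORS response headers a server can send to opt in; preflight requests are not modelled, and all hostnames are constructed sample values.

```javascript
// Added example: simplified model of the browser-side read check.
// Function names are hypothetical; hostnames are constructed samples.

// An origin is scheme + host + port. URL.origin normalizes default ports,
// so https://host and https://host:443 compare equal.
function originOf(url) {
  return new URL(url).origin;
}

function isSameOrigin(a, b) {
  return originOf(a) === originOf(b);
}

// May script on pageUrl read the response fetched from targetUrl?
// responseHeaders: lower-cased header names mapped to values sent by the server.
// withCredentials: true when cookies were attached to the request.
function mayReadResponse(pageUrl, targetUrl, responseHeaders = {}, withCredentials = false) {
  if (isSameOrigin(pageUrl, targetUrl)) return true;

  const allow = responseHeaders["access-control-allow-origin"];
  if (!allow) return false; // server did not opt in: response stays unreadable

  if (withCredentials) {
    // A wildcard is never accepted when cookies ride along, and the
    // server must explicitly allow credentialed reads.
    if (allow === "*") return false;
    if (responseHeaders["access-control-allow-credentials"] !== "true") return false;
  }
  return allow === "*" || allow === originOf(pageUrl);
}

// Constructed scenario: an untrusted page asks for webmail data with cookies.
const untrusted = "https://untrusted.example/page";
const webmail = "https://mail.example.com/api/inbox";
console.log(mayReadResponse(untrusted, webmail, {}, true)); // false
```

The cookie-bearing request in the last line is exactly the case the quoted passage is about: the server would answer as the logged-in user, so the browser withholds the response from the requesting page unless the server has named that page's origin.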