我向具有与我的网站不同的域名的API发出ajax请求。为了使数据可以跨浏览器访问,我使用JSONP,但Safari仍然阻止它。但它适用于Chrome。
我将响应字符串注入HTML按钮的文本中。我用JSONP做错了吗?我是否必须将JSONP注入脚本标记才能使其正常工作?
我是否必须构建代理?客户端有什么选择?是否还需要在API服务器端完成其他工作?
我搜索了SO,但我还没有找到任何明确的答案。我读到实际上在脚本标记中将数据加载到网站中可能容易出现安全问题。
错误:
different-domain-api.com&callback=jQuery123456&_=56789000
Failed to load resource: The certificate for this server is invalid. You might be connecting to a server that is pretending to be “different-domain-api.com” which could put your confidential information at risk.
//启动模块代码:
var myObject = {},
subscribeBtn = $("#subscribe-btn > span");
myObject.priceChangeHandler = function () {
priceChangeModule.ajaxRequest(params)
.done( self.successFunc ) // extracting the success callback to another method
.fail(function (error) {
console.log("Errors in safari", error);
return error;
});
});
myObject.successFunc = function (data) {
subscribeBtn.text(data.result[0]);
console.log("Displays data in Chrome correctly", data);
};
// priceChangeModule代码:
ajaxRequest: function (params) {
return $.ajax({
dataType: 'jsonp',
url: '//different-domain-api.com',
type: 'GET',
timeout: 120000
});
}
响应:
/**/jQuery123456({data});
接头:
General:
Request URL: //different-domain-api.com&callback=jQuery123456&_=56789000
Request Headers:
Accept:*/*
Accept-Encoding:gzip, deflate, sdch, br
Accept-Language:en-US,en;q=0.8
Host:different-domain-api.com
Response Headers:
Content-Type:application/javascript;charset=UTF-8