\u76ee\u524d\u5927\u591a\u6570\u5e94\u7528\u7a0b\u5e8f\u90fd\u4f1a\u5305\u542b\uff1a\u670d\u52a1\u5668\u7aef\u903b\u8f91\u3001\u5ba2\u6237\u7aef\u903b\u8f91\u3001\u6570\u636e\u5b58\u50a8\u3001\u6570\u636e\u4f20\u8f93\u3001\u4ee5\u53caAPI\u7b49\u591a\u4e2a\u7ec4\u4ef6\u3002\u4e0e\u6b64\u540c\u65f6\uff0c\u6bcf\u79cd\u8bed\u8a00\u3001\u6846\u67b6\u3001\u4ee5\u53ca\u73af\u5883\u7684\u4f7f\u7528\uff0c\u90fd\u4f1a\u8ba9\u5e94\u7528\u7a0b\u5e8f\u66b4\u9732\u4e8e\u4e00\u7ec4\u72ec\u7279\u7684\u6f0f\u6d1e\u4e4b\u4e2d\u3002\u4e3a\u4e86\u4fdd\u8bc1\u8fd9\u4e9b\u7ec4\u4ef6\u7684\u5b89\u5168\uff0c\u7b2c\u4e00\u65f6\u95f4\u53d1\u73b0\u5e94\u7528\u7684\u6f0f\u6d1e\uff0c\u8fdb\u800c\u6784\u5efa\u51fa\u4e00\u4e2a\u5b89\u5168\u6001\u52bf\u8f83\u9ad8\u7684\u5e94\u7528\uff0c\u5f80\u5f80\u9700\u8981\u6211\u4eec\u4ed8\u51fa\u4e0d\u61c8\u7684\u52aa\u529b\u3002<\/p>\n

$\"\"$ <\/p>\n

Happy girl is playing with group of books in studio<\/p>\n<\/div>\n

\u503c\u5f97\u5e86\u5e78\u7684\u662f\uff0c\u5927\u591a\u5e94\u7528\u7a0b\u5e8f\u7684\u6f0f\u6d1e\u90fd\u6709\u7740\u76f8\u4f3c\u3001\u751a\u81f3\u76f8\u540c\u7684\u5e95\u5c42\u539f\u56e0\u3002\u7814\u7a76\u8fd9\u4e9b\u5e38\u89c1\u7684\u6f0f\u6d1e\u7c7b\u578b\u3001\u4ee5\u53ca\u80cc\u540e\u7684\u539f\u56e0\uff0c\u5c06\u6709\u52a9\u4e8e\u6211\u4eec\u5bf9\u5e94\u7528\u7a0b\u5e8f\u8fdb\u884c\u6070\u5f53\u7684\u9632\u62a4\u3002<\/p>\n

\u4e0b\u9762\uff0c\u6211\u5c06\u548c\u60a8\u4e00\u8d77\u8ba8\u8bba\u5f71\u54cdAngular\u548cReact\u5e94\u7528\u7684\u5982\u4e0b\u516d\u79cd\u6700\u5e38\u89c1\u7684\u6f0f\u6d1e\uff0c\u4ee5\u53ca\u5982\u4f55\u53d1\u73b0\u548c\u9884\u9632\u5b83\u4eec\uff1a<\/p>\n

\u8eab\u4efd\u9a8c\u8bc1\u7ed5\u8fc7<\/li>\n

\u8bbf\u95ee\u63a7\u5236\u4e0d\u5f53<\/li>\n

\u5f00\u653e\u5f0f\u91cd\u5b9a\u5411<\/li>\n

\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020 (CSRF)<\/li>\n

\u6a21\u677f\u6ce8\u5165<\/li>\n

\u8de8\u7ad9\u70b9\u811a\u672c\u5305\u542b (XSSI)<\/li>\n

\u8eab\u4efd\u9a8c\u8bc1\u7ed5\u8fc7<\/strong><\/div>\n
\u8eab\u4efd\u9a8c\u8bc1\u662f\u6307\u5728\u6267\u884c\u654f\u611f\u64cd\u4f5c\u3001\u6216\u8bbf\u95ee\u654f\u611f\u6570\u636e\u4e4b\u524d\uff0c\u5148\u9a8c\u660e\u8eab\u4efd\u7684\u5408\u6cd5\u6027\u3002\u5982\u679c\u5728\u5e94\u7528\u7a0b\u5e8f\u4e0a\u672a\u80fd\u6b63\u786e\u5730\u5b9e\u65bd\u8eab\u4efd\u9a8c\u8bc1\uff0c\u90a3\u4e48\u653b\u51fb\u8005\u5c06\u53ef\u4ee5\u5229\u7528\u6b64\u7c7b\u9519\u8bef\u914d\u7f6e\uff0c\u6765\u8bbf\u95ee\u4ed6\u4eec\u672c\u4e0d\u8be5\u80fd\u591f\u8bbf\u95ee\u5230\u7684\u670d\u52a1\u4e0e\u529f\u80fd\u3002\u4f8b\u5982\uff0cAngular\u901a\u5e38\u4f7f\u7528AppRoutingModule\u6765\u8fdb\u884c\u8def\u7531\u3002\u5728\u5c06\u7528\u6237\u5f15\u5bfc\u81f3\u5e94\u7528\u7a0b\u5e8f\u4e2d\u7684\u654f\u611f\u8def\u7531\u4e4b\u524d\uff0c\u60a8\u5e94\u8be5\u68c0\u67e5\u7528\u6237\u662f\u5426\u5df2\u901a\u8fc7\u4e86\u8eab\u4efd\u9a8c\u8bc1\uff0c\u5e76\u88ab\u6388\u6743\u4e86\u8bbf\u95ee\u8be5\u8d44\u6e90\u3002\u8bf7\u53c2\u8003\u5982\u4e0b\u4ee3\u7801\u6bb5\uff1a<\/p>\n
\r\n@NgModule({\r\n imports: [RouterModule.forRoot([\r\n \r\n \/\/ These paths are available to all users.\r\n { path: '', component: HomeComponent },\r\n { path: 'features', component: FeaturesComponent },\r\n { path: 'login', component: LoginComponent },\r\n \r\n \/\/ These routes are only available to users after logging in.\r\n { path: 'feed', component: FeedComponent, canActivate: [ AuthGuard ]},\r\n { path: 'profile', component: ProfileComponent, canActivate: [ AuthGuard ]},\r\n \r\n \/\/ This is the fall-through component when the route is not recognized.\r\n { path: '**', component: PageNotFoundComponent}\r\n \r\n ])],\r\n \r\n exports: [RouterModule]\r\n \r\n })\r\n \r\n export class AppRoutingModule {}\r\n<\/pre>\n
\u8bbf\u95ee\u63a7\u5236\u4e0d\u5f53<\/strong><\/div>\n
\u653b\u51fb\u8005\u4f1a\u60f3\u65b9\u8bbe\u6cd5\u7ed5\u8fc7\u90a3\u4e9b\u8bbf\u95ee\u6743\u9650\u63a7\u5236\u5b9e\u65bd\u4e0d\u5f53\u7684\u5e94\u7528\u7a0b\u5e8f\u3002\u8bbf\u95ee\u63a7\u5236\u4e0d\u4ec5\u4ec5\u53ea\u5305\u62ec\u8eab\u4efd\u9a8c\u8bc1\u3002\u4e5f\u5c31\u662f\u8bf4\uff0c\u6211\u4eec\u9664\u4e86\u9700\u8981\u8bc1\u660e\u7528\u6237\u7684\u8eab\u4efd(\u5373\u201c\u4f60\u662f\u8c01?\u201d)\uff0c\u8fd8\u8981\u901a\u8fc7\u5e94\u7528\u7a0b\u5e8f\u6388\u4e88\u76f8\u5e94\u7684\u6743\u9650(\u5373\u201c\u4f60\u53ef\u4ee5\u505a\u4ec0\u4e48?\u201d)\u3002\u53ea\u6709\u901a\u8fc7\u4e24\u8005\u53cc\u7ba1\u9f50\u4e0b\uff0c\u624d\u80fd\u5171\u540c\u786e\u4fdd\u7528\u6237\u4e0d\u4f1a\u8bbf\u95ee\u5230\u8d85\u51fa\u5176\u6743\u9650\u7684\u670d\u52a1\u4e0e\u529f\u80fd\u3002<\/p>\n
\u76ee\u524d\uff0c\u6211\u4eec\u6709\u591a\u79cd\u65b9\u5f0f\u4e3a\u7528\u6237\u914d\u7f6e\u6388\u6743\uff0c\u5176\u4e2d\u5305\u62ec\uff1a\u57fa\u4e8e\u89d2\u8272\u7684\u8bbf\u95ee\u63a7\u5236\u3001\u57fa\u4e8e\u6240\u6709\u6743\u7684\u8bbf\u95ee\u63a7\u5236\u3001\u4ee5\u53ca\u8bbf\u95ee\u63a7\u5236\u5217\u8868\u7b49\u3002\u800c\u5f00\u53d1\u4eba\u5458\u5e38\u72af\u7684\u4e00\u79cd\u9519\u8bef\u662f\u5728\u5ba2\u6237\u7aef\u6267\u884c\u6388\u6743\u68c0\u67e5\u3002\u7531\u4e8e\u653b\u51fb\u8005\u53ef\u4ee5\u64cd\u63a7\u548c\u8986\u76d6\u5ba2\u6237\u7aef\u7684\u68c0\u67e5\uff0c\u56e0\u6b64\u8fd9\u662f\u4e0d\u5b89\u5168\u7684\u3002\u53ef\u89c1\uff0c\u6b64\u7c7b\u6388\u6743\u68c0\u67e5\u5fc5\u987b\u4f7f\u7528\u670d\u52a1\u5668\u7aef\u7684\u4ee3\u7801\u6765\u6267\u884c\u3002\u8bf7\u53c2\u8003\u5982\u4e0b\u4ee3\u7801\u6bb5\uff1a<\/p>\n
\r\nexport class AdministratorGuard implements CanActivate {\r\n constructor(private authService: AuthService, private router: Router) {}\r\n canActivate(next: ActivatedRouteSnapshot, state: RouterStateSnapshot): Observable {\r\n \/\/ Check whether this user is an administratoor. \r\n return this.authService.isAdmin().pipe(\r\n map(isAdmin => {\r\n if (!isAdmin) {\r\n return this.router.parseUrl('\/')\r\n }\r\n return isAdmin\r\n })\r\n )\r\n }\r\n}\r\nexport class AuthService {\r\n constructor(private http: HttpClient) {}\r\n \/\/ Whether the user is currently logged in.\r\n loggedIn: boolean | null = null\r\n \/\/ The user object object encompassing the user's name and role. Will be set\r\n user: User | null = null\r\n \/\/ Check whether the current user is an administrator.\r\n isAdmin(): Observable {\r\n return this.getCurrentUser().pipe(map(user => {\r\n return user != null && user.role === 'admin'\r\n }))\r\n }\r\n \/\/ Get the user definition from local state, or the server (if this is the first time we are checking).\r\n getCurrentUser(): Observable {\r\n if (this.loggedIn !== null) {\r\n return of(this.user)\r\n }\r\n return this.http.get<\/user>('\/api\/auth', {\r\n responseType: 'json'\r\n }).pipe(\r\n tap({\r\n next: user => {\r\n \/\/ If we get a user definition from the server it indicates this user is logged in. \r\n this.user = user\r\n this.loggedIn = true\r\n },\r\n error: error => {\r\n \/\/ A 401 response from the server indicates this user is not logged in. \r\n this.user = null\r\n this.loggedIn = false\r\n }\r\n }),\r\n catchError(() => {\r\n return of(null)\r\n })\r\n )\r\n }\r\n}\r\nexport interface User {\r\n username: string\r\n role: string\r\n}\r\n<\/user><\/boolean><\/true><\/pre>\n
\u5f00\u653e\u5f0f\u91cd\u5b9a\u5411<\/strong><\/div>\n
\u4f8b\u5982\uff0c\u5f53\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u7528\u6237\u5c1d\u8bd5\u7740\u8bbf\u95ee\u9700\u8981\u767b\u5f55\u540e\u624d\u80fd\u770b\u5230\u7684\u9875\u9762\u65f6\uff0c\u7f51\u7ad9\u5c31\u9700\u8981\u5c06\u8be5\u7528\u6237\u81ea\u52a8\u91cd\u5b9a\u5411\u5230\u767b\u5f55\u9875\u9762\uff0c\u5e76\u5728\u4ed6\u4eec\u901a\u8fc7\u4e86\u8eab\u4efd\u9a8c\u8bc1\u4e4b\u540e\uff0c\u518d\u8ba9\u5176\u8fd4\u56de\u5230\u539f\u6765\u7684\u4f4d\u7f6e\u3002<\/p>\n
\u5728\u5f00\u653e\u5f0f\u91cd\u5b9a\u5411\u653b\u51fb\u53d1\u751f\u65f6\uff0c\u653b\u51fb\u8005\u901a\u8fc7\u5411\u7528\u6237\u63d0\u4f9b\u6765\u81ea\u5408\u6cd5\u7ad9\u70b9\u7684URL\uff0c\u4ee5\u6b3a\u9a97\u7528\u6237\u8bbf\u95ee\u67d0\u4e2a\u5916\u90e8\u7ad9\u70b9\u3002\u4e5f\u5c31\u662f\u8bf4\uff0c\u8be5URL\u4f1a\u5c06\u5176\u91cd\u5b9a\u5230\u5176\u4ed6\u7ad9\u70b9\u3002\u800c\u8be5\u7ad9\u70b9\u4e00\u9762\u8bbe\u6cd5\u8ba9\u7528\u6237\u76f8\u4fe1\u4ed6\u4eec\u4ecd\u7136\u5728\u539f\u59cb\u7f51\u7ad9\u4e0a\uff0c\u4e00\u9762\u5e2e\u52a9\u653b\u51fb\u8005\u6784\u5efa\u51fa\u66f4\u52a0\u770b\u4f3c\u53ef\u4fe1\u7684\u7f51\u7edc\u9493\u9c7c\u6d3b\u52a8\u3002<\/p>\n
\u4e3a\u4e86\u9632\u6b62\u5f00\u653e\u5f0f\u91cd\u5b9a\u5411\uff0c\u60a8\u9700\u8981\u786e\u4fdd\u5e94\u7528\u7a0b\u5e8f\u4e0d\u4f1a\u8f7b\u6613\u5c06\u7528\u6237\u91cd\u5b9a\u5411\u5230\u90a3\u4e9b\u6076\u610f\u7ad9\u70b9\u7684\u4f4d\u7f6e\u3002\u4f8b\u5982\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u9a8c\u8bc1\u91cd\u5b9a\u5411URL\uff0c\u6765\u5b8c\u5168\u7981\u6b62\u79bb\u7ad9\u91cd\u5b9a\u5411\u884c\u4e3a\u3002\u8bf7\u53c2\u8003\u5982\u4e0b\u4ee3\u7801\u6bb5\uff1a<\/p>\n
\r\nexport class LoginComponent {\r\n \r\n \/\/ The username and password entered by the user in the login form.\r\n username = '';\r\n password = '';\r\n \r\n \/\/ The destination URL to redirect the user to once they log in successfully.\r\n destinationURL = '\/feed'\r\n \r\n constructor(private authService : AuthService,\r\n private route : ActivatedRoute,\r\n private router : Router) { }\r\n \r\n ngOnInit() {\r\n this.destinationURL = this.route.snapshot.queryParams['destination'] || '\/feed';\r\n }\r\n \r\n onSubmit() {\r\n this.authService.login(this.username, this.password)\r\n .subscribe(\r\n () => {\r\n \/\/ After the user has lgged in, redirect them to their desired destination.\r\n let url = this.destinationURL\r\n \r\n \/\/ Confirm that the URL is a relative path - i.e. starting with a single '\/' characters.\r\n if (!url.match(\/^\\\/[^\\\/\\\\]\/)) {\r\n url = '\/feed'\r\n }\r\n \r\n this.router.navigate([ url ])\r\n })\r\n }\r\n}\r\n<\/pre>\n
\u5f53\u7136\uff0c\u6211\u4eec\u8fd8\u6709\u8bb8\u591a\u5176\u4ed6\u65b9\u6cd5\u53ef\u4ee5\u9632\u6b62\u5f00\u653e\u5f0f\u91cd\u5b9a\u5411\u7684\u53d1\u751f\u3002\u4f8b\u5982\uff1a\u5bf9\u8bf7\u6c42\u5f15\u7528\u65b9\u4e88\u4ee5\u68c0\u67e5\u3001\u6216\u4f7f\u7528\u9875\u9762\u7d22\u5f15\u8fdb\u884c\u91cd\u5b9a\u5411\u3002\u4e0d\u8fc7\uff0c\u6b63\u56e0\u4e3a\u9a8c\u8bc1URL\u76f8\u5bf9\u6bd4\u8f83\u56f0\u96be\uff0c\u56e0\u6b64\u5f00\u653e\u5f0f\u91cd\u5b9a\u5411\u4ecd\u7136\u662f\u5f53\u4ee3Web\u5e94\u7528\u666e\u904d\u5b58\u5728\u7684\u95ee\u9898\u3002<\/p>\n
\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020<\/strong><\/div>\n
\u8de8\u7ad9\u70b9\u8bf7\u6c42\u4f2a\u9020(Cross-Site Request Forgery\uff0cCSRF)\u662f\u4e00\u79cd\u5ba2\u6237\u7aef\u6280\u672f\uff0c\u53ef\u7528\u4e8e\u653b\u51fbWeb\u5e94\u7528\u7684\u5176\u4ed6\u7528\u6237\u3002\u4f7f\u7528CSRF\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u53d1\u9001\u865a\u5047\u7684\u3001\u6765\u81ea\u53d7\u5bb3\u8005\u7684HTTP\u8bf7\u6c42\uff0c\u53bb\u6267\u884c\u653b\u51fb\u8005\u7684\u5371\u5bb3\u6027\u64cd\u4f5c\u3002\u4f8b\u5982\uff0c\u653b\u51fb\u8005\u4f1a\u5728\u672a\u7ecf\u8bb8\u53ef\u7684\u60c5\u51b5\u4e0b\uff0c\u66f4\u6539\u53d7\u5bb3\u8005\u7684\u5bc6\u7801\u3001\u6216\u4ece\u5176\u94f6\u884c\u8d26\u6237\u91cc\u8f6c\u8d26\u3002<\/p>\n
\u4e0e\u5f00\u653e\u5f0f\u91cd\u5b9a\u5411\u4e0d\u540c\uff0c\u6211\u4eec\u76ee\u524d\u5df2\u6709\u4e00\u79cd\u884c\u4e4b\u6709\u6548\u7684\u5bf9\u6297CSRF\u7684\u65b9\u6cd5\uff0c\u5373\uff1a\u4f7f\u7528CSRF\u4ee4\u724c\u548cSameSite Cookie\u7684\u7ec4\u5408\uff0c\u4ee5\u907f\u514d\u4f7f\u7528GET\u8bf7\u6c42\u8fdb\u884c\u5404\u9879\u72b6\u6001\u66f4\u6539\u7684\u64cd\u4f5c\u3002\u4f8b\u5982\uff0cAngular\u5141\u8bb8\u60a8\u4f7f\u7528HttpClientXsrfModule\u6a21\u5757\uff0c\u5411HTTP\u8bf7\u6c42\u6dfb\u52a0\u9632\u4f2a\u7684\u4ee4\u724c\u3002\u8bf7\u53c2\u8003\u5982\u4e0b\u4ee3\u7801\u6bb5\uff1a<\/p>\n
\r\n@NgModule({\r\n declarations: [],\r\n imports: [\r\n BrowserModule,\r\n HttpClientModule,\r\n HttpClientXsrfModule.withOptions({\r\n cookieName: 'XSRF-TOKEN',\r\n headerName: 'X-CSRF-TOKEN'\r\n }),\r\n ],\r\n providers: [],\r\n bootstrap: [AppComponent]\r\n})\r\nexport class AppModule {\r\n}\r\n<\/pre>\n
\u6a21\u677f\u6ce8\u5165<\/strong><\/div>\n
\u7c7b\u4f3c\u4e8eHTML\u6587\u4ef6\u7684Web\u6a21\u677f\uff0c\u4e3a\u5f00\u53d1\u4eba\u5458\u63d0\u4f9b\u4e86\u4e00\u79cd\u901a\u8fc7\u5c06\u5e94\u7528\u6570\u636e\u4e0e\u9759\u6001\u6a21\u677f\u76f8\u7ed3\u5408\uff0c\u4ee5\u6307\u5b9a\u5982\u4f55\u5448\u73b0\u9875\u9762\u7684\u65b9\u6cd5\u3002\u6b64\u529f\u80fd\u5141\u8bb8\u5f00\u53d1\u4eba\u5458\u5c06\u4ece\u6570\u636e\u5e93\u6216HTTP\u8bf7\u6c42\u4e2d\u68c0\u7d22\u5230\u7684\u52a8\u6001\u5185\u5bb9\uff0c\u63d2\u5165\u5230\u7f51\u9875\u4e2d\u3002<\/p>\n
\u987e\u540d\u601d\u4e49\uff0c\u6a21\u677f\u6ce8\u5165\u9700\u8981\u6ce8\u5165\u5230\u7f51\u9875\u7684\u6a21\u677f\u4e2d\u3002\u6839\u636e\u53d7\u611f\u67d3\u5e94\u7528\u7684\u6743\u9650\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7\u4f7f\u7528\u6a21\u677f\u6ce8\u5165\u7684\u6f0f\u6d1e\uff0c\u6765\u8bfb\u53d6\u654f\u611f\u6587\u4ef6\u3001\u6267\u884c\u6076\u610f\u4ee3\u7801\u3001\u6216\u63d0\u5347\u4ed6\u4eec\u5728\u7cfb\u7edf\u4e0a\u7684\u5404\u79cd\u6743\u9650\u3002\u4e0b\u9762\u5c55\u793a\u4e86Angular\u6a21\u677f\u7684\u4e0d\u5b89\u5168\u7528\u6cd5\u3002\u5b83\u5141\u8bb8\u653b\u51fb\u8005\u901a\u8fc7URL\u7684\u54c8\u5e0c\u503c\uff0c\u6765\u6076\u610f\u6ce8\u5165\u4ee3\u7801\uff1a<\/p>\n
\r\n@Component({\r\n selector: 'app-header',\r\n template: 'h1' + (window.location.hash || 'Home') + '\/h1'\r\n})\r\nexport class HeaderComponent {}\r\n<\/pre>\n
\u6ce8\u610f\uff1a\u8bf7\u5343\u4e07\u4e0d\u8981\u76f4\u63a5\u5c06\u7528\u6237\u63d0\u4f9b\u7684\u8f93\u5165\u8fde\u63a5\u5230\u6a21\u677f\u4e2d\uff0c\u800c\u5e94\u8be5\u4f7f\u7528\u6a21\u677f\u5f15\u64ce\u7684\u5185\u7f6e\u66ff\u6362\u673a\u5236\uff0c\u6765\u5b89\u5168\u5730\u5d4c\u5165\u52a8\u6001\u8f93\u5165\u3002\u8bf7\u53c2\u8003\u5982\u4e0b\u4ee3\u7801\u6bb5\uff1a<\/p>\n
\r\n@Component({\r\n selector: 'app-header',\r\n template: 'h1{{ title }}\/h1'\r\n})\r\nexport class HeaderComponent {\r\n title = '' \r\n \r\n ngOnInit() {\r\n this.title = window.location.hash || 'Home';\r\n }\r\n}\r\n<\/pre>\n
\u8de8\u7ad9\u70b9\u811a\u672c<\/strong><\/div>\n
\u8de8\u7ad9\u70b9\u811a\u672c\u5305\u542b\u7684\u653b\u51fb\u4e5f\u79f0\u4e3aXSSI(Cross-Site Script Inclusion)\u3002\u6b64\u7c7b\u653b\u51fb\u53d1\u751f\u5728\u5f53\u6076\u610f\u7ad9\u70b9\u5305\u542b\u4e86\u6765\u81ea\u53d7\u5bb3\u8005\u7ad9\u70b9\u7684Javascript\uff0c\u5e76\u901a\u8fc7\u811a\u672c\u63d0\u53d6\u5176\u654f\u611f\u4fe1\u606f\u65f6\u3002<\/p>\n
\u540c\u6e90\u7b56\u7565\uff08same-origin policy\uff0cSOP\uff09\u901a\u5e38\u53ef\u4ee5\u8d77\u5230\u63a7\u5236\u6570\u636e\u8de8\u6e90\uff08cross-origins\uff09\u8bbf\u95ee\u7684\u4f5c\u7528\u3002\u4e0d\u8fc7\uff0cSOP\u5e76\u4e0d\u80fd\u9650\u5236JavaScript\u4ee3\u7801\uff0c\u800c\u4e14HTML