- Daten transferieren
- user Input
- Daten speichern
- Daten validieren
verbietet andere Quellen
- Cross-Origin Resource Sharing.
- ermöglicht vertrauenswürdige Origins
- HTTP-Header:
Access-Control-Allow-Origin
- JSON with Padding
- Daten laden via embedded resources
- umgehen der same-origin policy
- JS kommt zurück, ruft callback auf
- (-) Kein Errorhandling
- (-) JSONP unsicher wegen einfachem cross-side scriptinjection
var movie = { number: 1, title: "Dr. No" };
var movieStr = JSON.stringify(movie);
var movieAgain = JSON.parse(movieStr);var request = new XMLHttpRequest();
request.onreadystatechange = function() {
if (this.readyState === 4 && this.status === 200) {
var catalog = JSON.parse(this.responseText);
console.log(catalog.movies[0].title);
}
};
request.open('GET', 'https://ma.ch', true);
request.send()const catalog = JSON.parse(request.responseText);
const now = new Date().toLocaleTimeString();
catalog.movies[0].title = "Modified at " + now;
// convert to string and upload to server
const data = JSON.stringify(catalog.movies[0]);
request.open("PUT", "https://ma.ch/0", false);
request.send(data);