
Cross-domain data transfer with JSONP

Published: 2020-12-16 19:26:52  Category: Encyclopedia (百科)  Source: compiled from the web

First, a word about the browser's same-origin policy (SOP). Put simply, the browser only lets a script interact (share or pass variables, and so on) with scripts served from the same protocol, host name and port. Cookies have their own scoping rules, by domain and path, and the browser attaches them to requests automatically; the same-origin policy governs what a script may read, not which requests get sent. This complicates applications that have to integrate several servers. An example:

I once had a requirement like this: server A offered a shared service in the form of a script. Other applications could call this script to pop up a window for selecting people, and the IDs of the selected people were returned through a script variable. On the same server the script worked fine, but when an application on server B called it, it could not get the return value, which was in fact the browser's same-origin policy at work. We later passed the data through the Windows clipboard instead, but that was unstable and had cross-browser and cross-platform problems; the approach was far from elegant.

Later I found a better way to pass data across domains. It relies on a property of the browser: although the browser does not let a page's scripts read variables across origins, it does let HTML reference cross-origin resources such as images, CSS and, of course, scripts. A referenced script is special: once the browser has loaded it, it is no different from a local script and is interpreted and executed immediately, with the full privileges of the including page. For example, if a js file on site A consists of nothing but alert("hello world!"); and site B references it, that script runs inside site B's application and shows an alert box. Since external scripts are referenced through the script tag, and a script can control every tag in the HTML page through the DOM, including creating script tags dynamically, a page can call an external program whenever it likes. Turn the alert into an assignment and you have passed a parameter. Simple, isn't it?

So what is JSONP? JSON should be familiar to everyone by now as the format of choice for passing data in AJAX programs in place of XML; anyone still unfamiliar with it can read up on it. JSONP stands for JSON with padding, roughly meaning JSON with something added in front. Solving the cross-domain problem actually has nothing to do with JSON as such, but because JSON is so compact and elegant, many services from Google, Yahoo and the like use it as their data format, and so JSONP has become something of a standard for cross-domain data transfer.

To use JSONP concretely: in the src attribute of the script tag you create, pass a callback parameter naming a callback function in the current script; the callback's argument is an object in JSON format. When the external program has finished processing, it outputs a snippet of script that invokes this callback. Very concise!

That is basically the principle. I only looked into this while studying GWT; reference: http://code.google.com/webtoolkit/tutorials/1.6/Xsite.html#request
There are plenty of examples online, so I will not write my own; see for instance:
Google: http://code.google.com/apis/gdata/json.html#Request
Yahoo!: http://developer.yahoo.net/forum/index.php?s=828eca07dbd1c1607c2bddc5b5832261&showtopic=100

Below is a post excerpted from Yahoo; although it is not about JSONP as such, it touches on it.

Today we announced an update to GeoPlanet that adds a few new features. This topic provides information about each of these new features and examples for using them.

1) New "callback" query parameter

The callback parameter is used with the JSON response format (and new GeoJSON response format) to implement JSONP. The callback parameter is a JavaScript function name that will be prepended to the JSON data (along with surrounding parentheses). This allows a GeoPlanet request to be used as the src parameter for a <script> tag and execute a previously defined JavaScript function.

Example:

The request http://where.yahooapis.com/v1/place/12521721?appid=[yourappid]&format=json&callback=myfunc returns the following:

myfunc({"places":{"place":[{"woeid":12521721,"placeTypeName":"Airport","placeTypeName attrs":{"code":14},
"name":"San Francisco International Airport","country":"United States","country attrs":{"type":"Country","code":"US"},
"admin1":"California","admin1 attrs":{"type":"State","code":"US-CA"},
"admin2":"San Mateo","admin2 attrs":{"type":"County","code":""},
"admin3":"","locality1":"Millbrae","locality1 attrs":{"type":"Town"},"locality2":"",
"postal":"94128","postal attrs":{"type":"Zip Code"},"centroid":{"latitude":37.614712,"longitude":-122.391808},
"boundingBox":{"southWest":{"latitude":37.601822,"longitude":-122.408089},
"northEast":{"latitude":37.627602,"longitude":-122.375526}},
"uri":"http://where.yahooapis.com/v1/place/12521721","lang":"en-us"}],"start":0,"count":1,"total":1}});


This can be included in an HTML document:

<script src="http://where.yahooapis.com/v1/place/12521721?appid=[yourappid]&format=json&callback=myfunc"></script>

2) New "GeoJSON" response format

The GeoJSON response format returns geographic information using tags defined by draft version 6 of the GeoJSON specification. In particular, all place resources are defined as Point types, the place centroid is returned in the coordinates element, and the place bounding box is returned in the bbox element.

Example:

The request http://where.yahooapis.com/v1/place/12521721?appid=[yourappid]&format=geojson returns the following:

{"places":{"place":[{"woeid":12521721,"type":"Point","coordinates":[-122.391808,37.614712],
"bbox":[-122.408089,37.601822,-122.375526,37.627602]}],"total":1}}


3) New $and filter for /places collection

The $and filter allows two other filters to be provided for requests for the /places collection. This means that a request can filter by place type as well as by place name. The $and filter takes two arguments that are filters themselves.

Example:

The request http://where.yahooapis.com/v1/places$and(.q(Long+Island),.type(Town));count=0?appid=[yourappid] returns all places named “Long Island” that are towns.

Multiple place types can be provided. For example:

The request http://gws1.dev01.maps.sp1.yahoo.com/v1/places$and(.q(Long+Island),.type(Town,Suburb));count=0?appid=[yourappid] returns all places named “Long Island” that are towns or suburbs.

4) New placetype resource

The placetype resource allows information to be returned about a single place type. This resource can simplify applications that want to use place type information.

Example:

The request http://where.yahooapis.com/v1/placetype/10?appid=[yourappid] returns the following:

<placeType yahoo:uri="http://where.yahooapis.com/v1/placetype/10" xml:lang="en-us">
<placeTypeName code="10">Local Administrative Area</placeTypeName>
</placeType>


5) Long description for placetype resource (and placetypes collection)

The placeType resource now has a long representation that includes a one line description for the place type. This can help users understand how the place type is used. The long representation can be selected for the placetypes collection as well.

Example:

The request http://where.yahooapis.com/v1/placetype/10?appid=[yourappid]&select=long returns the following:

<placeType yahoo:uri="http://where.yahooapis.com/v1/placetype/10" xml:lang="en-us">
<placeTypeName code="10">Local Administrative Area</placeTypeName>
<placeTypeDescription>One of the tertiary administrative areas within a country</placeTypeDescription>
</placeType>


We hope you find these new features useful. If you have suggestions for improving GeoPlanet,please let us know!

Eddie Babcock
Principal Engineer, Yahoo! Geo Technologies
============================ The following is an article excerpted from Wikipedia (the original post labelled it as from Google) ============================

JSONP

From Wikipedia, the free encyclopedia

JSONP or "JSON with padding" is a complement to the base JSON data format. It provides a method to request data from a server in a different domain, something prohibited by typical web browsers because of the same origin policy.

Under the same origin policy, a web page served from server1.example.com cannot normally connect to or communicate with a server other than server1.example.com. An exception is the HTML <script> element. Exploiting the open policy for <script> elements, some pages use them to retrieve JavaScript code that operates on dynamically generated JSON-formatted data from other origins. This usage pattern is known as JSONP. Requests for JSONP retrieve not JSON, but arbitrary JavaScript code. They are evaluated by the JavaScript interpreter, not parsed by a JSON parser.

There have been some criticisms raised against JSONP. Cross-Origin Resource Sharing is a more recent method of getting data from a server in a different domain, which addresses some of those criticisms.

How it works

To see how this pattern works, first consider a URL which on request returns a JSON document. A JavaScript program might request this URL via XMLHttpRequest, for example. Suppose a URL is http://server2.example.com/RetrieveUser?UserId=xxx. Suppose the UserId of Foo is 1234. A browser requesting the URL http://server2.example.com/RetrieveUser?UserId=1234, passing the UserId of Foo, might receive something like:

   {"Name": "Foo", "Id" : 1234, "Rank": 7}

This JSON data could be dynamically generated, according to the query parameters passed in the URL.

Now imagine specifying a URL that returns JSON as the src attribute for a <script> element. The problem with this is that the JSON is evaluated as JavaScript, but instead of interpreting the content as an object literal, it would be interpreted as a block and throw a syntax error. Even if it were correctly interpreted as an object literal, it could not be accessed by JavaScript as it is not assigned to a variable.

In the JSONP usage pattern, the src attribute in the <script> element returns dynamically generated JSON, with a function call wrapped around it. In this way, the returned resource is still legal JavaScript, but because the anonymous object literal is wrapped in a function call, the browser's JavaScript environment can act on the returned data. It might look like this:

   functionCall({"Name": "Foo", "Rank": 7});

The function call is the "P" of JSONP - the "padding" around the pure JSON, or according to some[1] the "prefix". By convention, the browser provides the name of the callback function as a named query parameter, typically using the name jsonp or callback, in its request to the server, e.g.,

 <script type="text/javascript"
 src="http://server2.example.com/RetrieveUser?UserId=1234&jsonp=parseResponse">
 </script>

In this example, the received payload would be:

   parseResponse({"Name": "Foo", "Rank": 7});

Padding

While the padding (prefix) is typically the name of a callback function that is defined within the execution context of the browser, it may also be a variable assignment, an if statement, or any other JavaScript statement. The response to a JSONP request (namely, a request following the JSONP usage pattern) is not JSON and is not parsed as JSON; the returned payload can be any arbitrary JavaScript expression, and it does not need to include any JSON at all. But conventionally, it is a JavaScript fragment that invokes a function call on some JSON-formatted data.

Said differently, the typical use of JSONP provides cross-domain access to an existing JSON API, by wrapping a JSON payload in a function call.

Script element injection

JSONP makes sense only when used with a script element. For each new JSONP request, the browser must add a new <script> element, or reuse an existing one. The former option - adding a new script element - is done via dynamic DOM manipulation, and is known as script element injection. The <script> element is injected into the HTML DOM, with the URL of the desired JSONP endpoint set as the "src" attribute. This dynamic script element injection is usually done by a JavaScript helper library. jQuery and other frameworks have JSONP helper functions; there are also standalone options.[2]

The dynamically injected script element for a JSONP call looks like this:

 <script type="text/javascript"
 src="http://server2.example.com/RetrieveUser?UserId=1234&jsonp=parseResponse">
 </script>

After the element is injected, the browser evaluates the element, and performs an HTTP GET on the src URL, retrieving the content. Then the browser evaluates the return payload as JavaScript. This is typically a function invocation.

In that way, the use of JSONP can be said to allow browser pages to work around the same origin policy via script element injection.

Security concerns

Including script tags from remote sites allows the remote sites to inject any content into a website. If the remote sites have vulnerabilities that allow JavaScript injection, the original site is exposed to an increased risk.

An effort is underway to define a safer strict subset definition for JSON-P[3] that browsers would be able to enforce on script requests with a specific MIME-type such as "application/json-p". If the response did not parse as strict JSON-P, the browser could throw an error or just ignore the entire response. For the moment, however, the correct MIME-type for JSONP is "application/javascript".

Cross-site request forgery

Naive deployments of JSONP are subject to cross-site request forgery (CSRF or XSRF) attacks.[4] Because the HTML <script> tag is exempt from the same origin policy in web browser implementations, a malicious page can request and obtain JSON data belonging to another site. This allows the JSON-encoded data to be evaluated in the context of the malicious page, possibly divulging passwords or other sensitive data if the user is currently logged into the other site.

This is problematic only if the JSON-encoded data contains sensitive information which should not be disclosed to a third party, and the server depends on the browser's same origin policy to block the delivery of the data in the case of an improper request. There is no problem if the server determines the propriety of the request itself, only putting the data on the wire if the request is proper. Cookies are not by themselves adequate for determining whether a request was authorized: exclusive use of cookies is subject to cross-site request forgery.

History

In July 2005 George Jempty suggested an optional variable assignment be prepended to JSON.[5][6] The original proposal for JSONP, where the padding is a callback function, appears to have been made by Bob Ippolito in December 2005[7] and is now used by many Web 2.0 applications such as the Dojo Toolkit, Google Web Toolkit,[8] and Web services.

References

  1. "Experimental RDF result set to JSON translator". http://epimorph-pubx1.appspot.com/help.html. Retrieved February 20, 2012.
  2. "example jsonp library on pastebin". http://pastebin.com/ADxHdCnB.
  3. "Safer cross-domain Ajax with JSON-P/JSONP". JSON-P.org. http://www.json-p.org/. Retrieved October 30, 2011.
  4. Grossman, Jeremiah (January 27, 2006). "Advanced Web Attack Techniques using GMail". http://jeremiahgrossman.blogspot.com/2006/01/advanced-web-attack-techniques-using.html. Retrieved July 3, 2009.
  5. "eval'ing JSON". July 19, 2005. http://replay.web.archive.org/20060212113746/http://htmatters.net/htm/1/2005/07/evaling-JSON.cfm.
  6. "json: Message: Re: Comments". August 17, 2005. http://tech.groups.yahoo.com/group/json/message/82.
  7. "Remote JSON - JSONP". from __future__ import *. Bob.pythonmac.org. December 5, 2005. http://bob.pythonmac.org/archives/2005/12/05/remote-json-jsonp/. Retrieved September 8, 2008.
  8. "GWT Tutorial: How to Read Web Services Client-Side with JSONP". Google Web Toolkit Applications. February 6, 2008. http://www.gwtapps.com/?p=42. Retrieved July 3, 2009.

External links

  • Official website
  • About JSONP in JavaScript
  • jsonp-java wraps any response content into a jsonp callback
  • An implementation of a JSONP utility class
