數據表 - 使用具有多個表和動態參數的Ajax數據源（sAjaxSource）

Question

我有兩個數據表，我試圖通過GET請求向數據庫API填充數據。我的數據源url是localhost：5000/data，但我無法獲取數據表來顯示數據。當我創建一個靜態的.txt文件時，我可以獲取數據。我查看了我的GET請求，看起來它正在附加一些來自jQuery的事件ID（我對此很新...）。我最終希望能夠將自定義參數傳遞給GET請求，以便根據用戶點擊第一個表中的哪一行來過濾第二個表。

我嘗試過使用aaData和sAjaxSource，但無法讓任何一個人工作。

我的JSON對象是這樣的形式：

{ 
    "items": [ 
    { 
     "column1": "Foo", 
     "column2": "Bar", 
     "column3": "1.54" 
    }, 
    { 
     "column1": "Blah", 
     "column2": "Tah", 
     "column3": "1.54" 
    } 
    ] 
} 

表1 - 我使用的是靜態文本文件裏，該表顯示細膩

$(document).ready(function() { 
    $('#table1').dataTable({ 
     "bProcessing": true, 
     "sAjaxSource": "/thisWorks.txt", 
     "sAjaxDataProp": "item", 
     "aoColumns": [ 
     { 
      "mData": "column1" 
     }, 
     { 
      "mData": "column2" 
     }, 
     { 
      "mData": "column3" 
     } 
     ] 
    }); 


    $('#example tbody').on('click', 'tr', function() { 
     var clickId = $('td', this).eq(0).text(); 
    }); 

表2 - 無法獲得這一個去工作

$('#table2').dataTable({ 
    "bProcessing": true, 
    "sAjaxSource": "http://localhost:5000/data?column1=1234", 
    "sAjaxDataProp": "items", 
    "aoColumns": [ 
    { "mData": "column1" }, 
    { "mData": "column2" }, 
    { "mData": "column3" } 
    ] 
}); 

當我在我的鉻控制檯看，我看到我的第二個Ajax請求被解釋爲東西李柯：

http://localhost:5000/data?column1=1234&_1412145757890 

最後，我想從我的第一臺通過的clickId的價值，在我的第二個表阿賈克斯源，因此任何指導，有將不勝感激。

謝謝！

Answer 1

https://softwareengineering.stackexchange.com/questions/216605/how-do-web-servers-enforce-the-same-origin-policy

The same origin policy is a wholly client-based restriction, and is primarily engineered to protect users, not services. All or most browsers include a command-line switch or configuration option to to turn it off. The SOP is like seat belts in a car: they protect the rider in the car, but anyone can freely choose not to use them. Certainly don't expect a person's seat belt to stop them from getting out of their car and attacking you (or accessing your Web service).

Suppose I write a program that accesses your Web service. It's just a program that sends TCP messages that include HTTP requests. You're asking for a server-side mechanism to distinguish between requests made by my program (which can send anything) and requests made by a browser that has a page loaded from a permitted origin. It simply can't be done; my program can always send a request identical to one formed by a Web page.

The same-origin policy was invented because it prevents code from one website from accessing credential-restricted content on another site. Ajax requests are by default sent with any auth cookies granted by the target site. For example, suppose I accidentally load http://evil.com/ , which sends a request for http://mail.google.com/ . If the SOP were not in place, and I was signed into Gmail, the script at evil.com could see my inbox. If the site at evil.com wants to load mail.google.com without my cookies, it can just use a proxy server; the public contents of mail.google.com are not a secret (but the contents of mail.google.com when accessed with my cookies are a secret).