background
The old project was a Vue shelf, but Jquery was introduced, and a third-party checker swept up a security hole, and that was it
To solve
Cookie, sessionStorage, localStorage, etc.
To solve the problem, first reproduce the problem with a mock server, github.com/xiaodun/sf-…
The content-Type returned first needs to be a “script “, for example:
"Content-Type": "text/javascript",
Copy the code
<! DOCTYPE html> <html lang="zh-cn"> <head> <meta charset="UTF-8" /> <meta name="viewport" content="width=device-width, < span style=" color: RGB (0, 0, 0); color: RGB (0, 0, 0); border: 1px solid #000">12</div> </body> <script SRC = "https://cdnjs.cloudflare.com/ajax/libs/jquery/1.8.3/jquery.min.js" > < / script > < script > $. Ajax (" http://192.168.10.177:9192/example/api/1 "); </script> </html>Copy the code
Interface return content
Then it automatically executes
The default JQuery configuration looks like this
jQuery.ajaxSetup( { accepts: { script: "text/javascript, application/javascript, " + "application/ecmascript, application/x-ecmascript" }, converters: { "text script": function( text ) { jQuery.globalEval( text ); return text; }}});Copy the code
The key is jquery.globaleval (text); , just remove it, for example:
$.ajaxSetup({ converters: { "text script": function (text) { return text; ,}}});Copy the code
We can solve this problem.