Free tutorials, articles, examples for web 2.0 return to the ajax category return to the category go to ajax tutorial maximize view
 





Tags Map

ajax cross data developer domain email gmail hack http ip javascript jimbojwcom malicious origin party policy problem proxy script scripting server services set side site tab web weekly xhr xmlhttprequest

Keyword Cloud Navigation Map

Introduction to Cross-Domain Ajax

Abstract: AFAIK, the cross-domain Ajax calls are prohibited on the browser level due to the security reason. What to do if you really need to use the different source for Ajax response? This article is a great overview of the available tips and tricks.

What's this all about?

First, lets talk about the problem for a bit. It goes by the name same origin policy, and this explanation from mozilla.org is typical:

The same origin policy prevents document or script loaded from one origin from getting or setting properties of a document from a different origin.
-- From http://www.mozilla.org/projects/security/components/same-origin.html

This means that it is largely impossible to load scripts from one domain into another. For example, the following are prohibited:

  • Issuing an XMLHttpRequest() to another domain (a core component of Ajax).
  • Accessing or modifying the DOM of a <frame> or <iframe> which has a src attribute with another domain.
  • Accessing or modifying another window (or tab) which has a different location.