XMLHttpRequest - same origin restriction


Escondido

Dec 9, 2008, 12:47:30 PM
to CS193H High Performance Web Sites
For XHR Eval and XHR Injection, XMLHttpRequest must be served from the
same domain as the main page to make it work. I am wondering if there
is a way we can circumvent it if we need to, for example, by using a
server-side technique. If yes, how to do it? Thanks.

Vibhor Nanavati

Dec 9, 2008, 1:18:24 PM
to cs193...@googlegroups.com
I remember reading this article on developer.yahoo a couple of years back.
http://developer.yahoo.com/javascript/howto-proxy.html

A very neat technique to allow XHR to work across domains by using a proxy.

".....Instead of making your XMLHttpRequest calls directly to the web service, you make your calls to your web server proxy. The proxy then passes the call onto the web service and in return passes the data back to your client application. Because the connection is made to your server, and the data comes back from your server, the browser has nothing to complain about......"
--
VIBHOR NANAVATI <vib...@stanford.edu>
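
An added example (not from this thread or the linked Yahoo article) of the server-side proxy described in the post above, written so that it forwards only to an allowlisted HTTPS host rather than to any URL the browser supplies. The `/proxy?url=` route, `ALLOWED_HOSTS`, and `api.example.com` are assumptions for illustration; it also assumes Node 18+ for the global `fetch`.

```javascript
// Added example: same-origin proxy handler for cross-domain XHR.
// ALLOWED_HOSTS and the /proxy?url= route are assumptions, not from the thread.
const ALLOWED_HOSTS = new Set(["api.example.com"]); // constructed sample value

// Map a browser request path such as /proxy?url=https://api.example.com/v1/items
// to the upstream URL, or return null if the request must not be forwarded.
function resolveTarget(requestPath) {
  let target;
  try {
    const outer = new URL(requestPath, "http://localhost"); // base used only for parsing
    if (outer.pathname !== "/proxy") return null;
    target = new URL(outer.searchParams.get("url") || "");
  } catch (e) {
    return null; // missing or malformed url parameter
  }
  if (target.protocol !== "https:") return null;        // rejects http:, file:, etc.
  if (target.username || target.password) return null;  // rejects user@host forms
  if (target.port !== "") return null;                  // default HTTPS port only
  if (!ALLOWED_HOSTS.has(target.hostname)) return null; // exact host match
  return target.href;
}

// Node request handler: forwards allowed GETs and relays status and body.
async function proxyHandler(req, res) {
  const target = req.method === "GET" ? resolveTarget(req.url) : null;
  if (!target) {
    res.writeHead(403, { "Content-Type": "text/plain" });
    return res.end("forbidden");
  }
  try {
    // redirect: "error" stops the upstream from bouncing the proxy to another host
    const upstream = await fetch(target, { redirect: "error" });
    const body = Buffer.from(await upstream.arrayBuffer());
    res.writeHead(upstream.status, {
      "Content-Type": upstream.headers.get("content-type") || "application/octet-stream",
    });
    res.end(body);
  } catch (e) {
    res.writeHead(502, { "Content-Type": "text/plain" });
    res.end("upstream error");
  }
}
```

Mount `proxyHandler` on the web server that serves the page (for example with Node's `http.createServer`), so the browser's XMLHttpRequest stays same-origin.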

collinjackson

Dec 9, 2008, 1:26:08 PM
to CS193H High Performance Web Sites
Note that the newest browsers like IE8 and Firefox 3.1 have support
for cross-site XMLHttpRequest.

http://www.w3.org/TR/access-control/#access-control0
http://msdn.microsoft.com/en-us/library/cc288060(VS.85).aspx

On Dec 9, 10:18 am, "Vibhor Nanavati" <nvib...@gmail.com> wrote:
> I remember reading this article on developer.yahoo a couple of years back.
> http://developer.yahoo.com/javascript/howto-proxy.html
>
> A very neat technique to allow XHR to work across domains by using a proxy.
>
> ".....Instead of making your XMLHttpRequest calls directly to the web
> service, you make your calls to your web server proxy. The proxy then passes
> the call onto the web service and in return passes the data back to your
> client application. Because the connection is made to your server, and the
> data comes back from your server, the browser has nothing to complain
> about......"
>

Wuping Lu

Dec 9, 2008, 1:46:59 PM
to cs193...@googlegroups.com
Thanks for sharing - it is very helpful.

Eric Lovett

Dec 9, 2008, 1:54:13 PM
to cs193...@googlegroups.com