aspose file tools*
The moose likes HTML, CSS and JavaScript and the fly likes To Eric : XMLHttpRequest restrictions Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of EJB 3 in Action this week in the EJB and other Java EE Technologies forum!
JavaRanch » Java Forums » Engineering » HTML, CSS and JavaScript
Bookmark "To Eric : XMLHttpRequest restrictions " Watch "To Eric : XMLHttpRequest restrictions " New topic
Author

To Eric : XMLHttpRequest restrictions

Pradeep bhatt
Ranch Hand

Joined: Feb 27, 2002
Posts: 8898

This article http://www.xml.com/lpt/a/2005/11/09/fixing-ajax-xmlhttprequest-considered-harmful.html mentions that "...you aren't allowed to make XMLHttpRequests to any server except the server where your web page came from". Why is it so ? Thanks


Groovy
Eric Pascarello
author
Rancher

Joined: Nov 08, 2001
Posts: 15376
    
    6
It is the same restriction that JavaScript has always had. It is a security restriction mainly becasue of screen scraping, password stealing, and so forth. You can not access another domain from your script unless you set the privilege manager for the browsers.

We talk about that in the book and I think there is an article on my blog somewhere about it. Google: Pascarello Ajax bookmarklet and you would get to that post.

There is a movement to allow the XMLHttpRequest object to talk to outside sources such as webservices. I personally perfer using the server to talk to outside services since I can cache it on the server and do not have to get it everytime the page is refreshed.

Eric
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: To Eric : XMLHttpRequest restrictions
 
Similar Threads
check valid username
XMLHttpRequest considered harmful
XML interview questions
Calling Tomcat directly using Ajax: request for opinions and suggestions
Ajax and Firefox