wood burning stoves 2.0*
The moose likes HTML, CSS and JavaScript and the fly likes To Eric : XMLHttpRequest restrictions Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of The Java EE 7 Tutorial Volume 1 or Volume 2 this week in the Java EE forum
or jQuery UI in Action in the JavaScript forum!
JavaRanch » Java Forums » Engineering » HTML, CSS and JavaScript
Bookmark "To Eric : XMLHttpRequest restrictions " Watch "To Eric : XMLHttpRequest restrictions " New topic
Author

To Eric : XMLHttpRequest restrictions

Pradeep bhatt
Ranch Hand

Joined: Feb 27, 2002
Posts: 8919

This article http://www.xml.com/lpt/a/2005/11/09/fixing-ajax-xmlhttprequest-considered-harmful.html mentions that "...you aren't allowed to make XMLHttpRequests to any server except the server where your web page came from". Why is it so ? Thanks


Groovy
Eric Pascarello
author
Rancher

Joined: Nov 08, 2001
Posts: 15376
    
    6
It is the same restriction that JavaScript has always had. It is a security restriction mainly becasue of screen scraping, password stealing, and so forth. You can not access another domain from your script unless you set the privilege manager for the browsers.

We talk about that in the book and I think there is an article on my blog somewhere about it. Google: Pascarello Ajax bookmarklet and you would get to that post.

There is a movement to allow the XMLHttpRequest object to talk to outside sources such as webservices. I personally perfer using the server to talk to outside services since I can cache it on the server and do not have to get it everytime the page is refreshed.

Eric
 
jQuery in Action, 2nd edition
 
subject: To Eric : XMLHttpRequest restrictions