File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes HTML, CSS and JavaScript and the fly likes To Eric : XMLHttpRequest restrictions Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Engineering » HTML, CSS and JavaScript
Bookmark "To Eric : XMLHttpRequest restrictions " Watch "To Eric : XMLHttpRequest restrictions " New topic
Author

To Eric : XMLHttpRequest restrictions

Pradeep bhatt
Ranch Hand

Joined: Feb 27, 2002
Posts: 8904

This article http://www.xml.com/lpt/a/2005/11/09/fixing-ajax-xmlhttprequest-considered-harmful.html mentions that "...you aren't allowed to make XMLHttpRequests to any server except the server where your web page came from". Why is it so ? Thanks


Groovy
Eric Pascarello
author
Rancher

Joined: Nov 08, 2001
Posts: 15376
    
    6
It is the same restriction that JavaScript has always had. It is a security restriction mainly becasue of screen scraping, password stealing, and so forth. You can not access another domain from your script unless you set the privilege manager for the browsers.

We talk about that in the book and I think there is an article on my blog somewhere about it. Google: Pascarello Ajax bookmarklet and you would get to that post.

There is a movement to allow the XMLHttpRequest object to talk to outside sources such as webservices. I personally perfer using the server to talk to outside services since I can cache it on the server and do not have to get it everytime the page is refreshed.

Eric
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: To Eric : XMLHttpRequest restrictions
 
Similar Threads
Ajax and Firefox
Calling Tomcat directly using Ajax: request for opinions and suggestions
XML interview questions
XMLHttpRequest considered harmful
check valid username