• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

To Eric : XMLHttpRequest restrictions

 
Pradeep bhatt
Ranch Hand
Posts: 8927
Firefox Browser Java Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
This article http://www.xml.com/lpt/a/2005/11/09/fixing-ajax-xmlhttprequest-considered-harmful.html mentions that "...you aren't allowed to make XMLHttpRequests to any server except the server where your web page came from". Why is it so ? Thanks
 
Eric Pascarello
author
Rancher
Posts: 15385
6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
It is the same restriction that JavaScript has always had. It is a security restriction mainly becasue of screen scraping, password stealing, and so forth. You can not access another domain from your script unless you set the privilege manager for the browsers.

We talk about that in the book and I think there is an article on my blog somewhere about it. Google: Pascarello Ajax bookmarklet and you would get to that post.

There is a movement to allow the XMLHttpRequest object to talk to outside sources such as webservices. I personally perfer using the server to talk to outside services since I can cache it on the server and do not have to get it everytime the page is refreshed.

Eric
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic