File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes HTML, CSS and JavaScript and the fly likes To Eric : XMLHttpRequest restrictions Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » HTML, CSS and JavaScript
Bookmark "To Eric : XMLHttpRequest restrictions " Watch "To Eric : XMLHttpRequest restrictions " New topic

To Eric : XMLHttpRequest restrictions

Pradeep bhatt
Ranch Hand

Joined: Feb 27, 2002
Posts: 8927

This article mentions that " aren't allowed to make XMLHttpRequests to any server except the server where your web page came from". Why is it so ? Thanks

Eric Pascarello

Joined: Nov 08, 2001
Posts: 15385
It is the same restriction that JavaScript has always had. It is a security restriction mainly becasue of screen scraping, password stealing, and so forth. You can not access another domain from your script unless you set the privilege manager for the browsers.

We talk about that in the book and I think there is an article on my blog somewhere about it. Google: Pascarello Ajax bookmarklet and you would get to that post.

There is a movement to allow the XMLHttpRequest object to talk to outside sources such as webservices. I personally perfer using the server to talk to outside services since I can cache it on the server and do not have to get it everytime the page is refreshed.

I agree. Here's the link:
subject: To Eric : XMLHttpRequest restrictions
It's not a secret anymore!